Report - www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=

Report Overview

Submitted URL
www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
IP
89.23.103.7
ASN
#48687 Noviton Ltd
Submitted
2022-12-18 00:58:05
Access
Website Title
Final URL
Tags
wellsfargo
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
9
Network Intrusion Detection
0
Threat Detection Systems
62

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.149.156.115
www.wls-fargo-account.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.4 kB	273 kB	89.23.103.7
connect.secure.wellsfargo.com	11812	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	1.2 kB	23.36.79.34
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	95.101.11.115
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	32 kB	142.250.74.74
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	433 B	9.4 kB	104.17.25.14
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.131
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	61 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-17	medium	www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company
2022-12-16	medium	www.wls-fargo-account.com/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-18	medium	www.wls-fargo-account.com/Spox/Files/img/ba7t.svg	Phishing
2022-12-18	medium	www.wls-fargo-account.com/Spox/Files/img/tccc.svg	Phishing
2022-12-18	medium	www.wls-fargo-account.com/Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed
2022-12-18	medium	wls-fargo-account.com	Sinkholed

JavaScript (4)

	URL	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js	29 kB	2023-03-07	2024-07-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:37 Last Seen2024-07-26 18:41:49 Times Seen4252 Hash 65d26571933bceaf63fb8cc76e7cbee3 ced024e4ee91e3b87f0d068c35008118c7fb60e8 f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-07-27
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-07-27 07:51:53 Times Seen109642 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=	207 B	2023-03-07	2023-04-01
Pretty URL www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso= IP 89.23.103.7 ASN #48687 Noviton Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:43 Last Seen2023-04-01 10:43:25 Times Seen5 Hash b9f653328d0baa41b5286b646a9f8a4c a6c04628070de88b4a831cd33e0136d38deb4eff 7bad145ebe9677d8ed7207317b6bc8627768c2dc3801a59b5d902fe01c627a40 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js	1.5 kB	2023-03-07	2024-06-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/toggleDisabled.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:38 Last Seen2024-06-23 11:34:15 Times Seen1986 Hash 63b5a507f54e01418d48f37a53d90896 2b80dcd3c5d18e56b35a451d09838fab7a506471 256a06c938ecc394af763d147219fa14033d3528b1ed9da5f1e2f2ddbc8d2b08 Loading...

HTTP Transactions (40)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae86164fd9297dfdc05d67d69284d70e
5e5f27e3fd492f715baa6820f05c0fafde4040b3
be20f6ae6a51d20611cb4d350b52a5d0a339af6722fe9b2482ef58826c1e9de0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE20F6AE6A51D20611CB4D350B52A5D0A339AF6722FE9B2482EF58826C1E9DE0"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3030
Expires: Sun, 18 Dec 2022 01:48:24 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9f3cf7e36f17a535e53e5213c02cf2b4
e65acbc03135ce135b9e91b4f74b3e1439faa6f6
a2317476862acd0a92fe523454c3991752b07ba14e7667f421dd9624e0233758

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2317476862ACD0A92FE523454C3991752B07BA14E7667F421DD9624E0233758"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18596
Expires: Sun, 18 Dec 2022 06:07:50 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 18 Dec 2022 00:34:16 GMT
content-type: application/json
age: 1418
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5b38399fcc8246505e5e6b0f62803a5a
bb374f8d97b2bd798873d74c6bbab20ad6843e96
406ab3af8adf2b151c052a06c0379fd8d83d3362e90c17ac2e5481b6b9a7441f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406AB3AF8ADF2B151C052A06C0379FD8D83D3362E90C17AC2E5481B6B9A7441F"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2906
Expires: Sun, 18 Dec 2022 01:46:20 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: HWvBlQsGMlSquZ464TvgB6DrmvLAXwGJSit8IaIAqSxs8OaEgxaIKIl96gAvZNqRKzwm+1vQXwY=
x-amz-request-id: 47S72ATMD58TCY5P
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 18 Dec 2022 00:52:00 GMT
age: 354
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a4c3652506a23a8f32ecf163ca42f373
0d89faa8a2f393da242b22a678aea5e161a47566
3ab1be66f38a53730ae8a5c38db4bc1c50b67698c83eb10dd94de22302450d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3AB1BE66F38A53730AE8A5C38DB4BC1C50B67698C83EB10DD94DE22302450D21"
Last-Modified: Sun, 18 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21589
Expires: Sun, 18 Dec 2022 06:57:43 GMT
Date: Sun, 18 Dec 2022 00:57:54 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:54 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

104.17.25.14

200 OK

8.2 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (29177)
Size
8.2 kB (8247 bytes)
Hash
3fdff2e939c645b7a6240f3f5c531494
4cbd07003e2b5079c61fa2ee1bbf936ee752ab6d
39974b1df4f4189f8bf39197b11a81928be2ea6c920fa8939557e6b517148322

HTTP Headers

GET /ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 18 Dec 2022 00:57:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 8247
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec2-72c7"
last-modified: Mon, 04 May 2020 16:11:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 22224411
expires: Fri, 08 Dec 2023 00:57:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNn8Iv98IR4MMhhHnSspkKFSrWfo1ywx6iCFGdoUTM19a54R1ctSR2BeMXuzZxPnqGkfTJ9s8dPQIV6c4IJR3yivTPXBTxefqNkYPxBKNifC01%2B6dvK%2F66HHHpdg%2FOkiucE9D%2Bxy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77b3f2750fbbb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b09c5fd392d9d40a99ab4c70e59fd24e
40e39676ca8052fd8b9eab501750f0011737f507
8c2b60b0ec0a8121d5c5a8dda2ec1a57b923efe10246386262f359f6a458cdcd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 18 Dec 2022 00:08:00 GMT
age: 2994
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.74

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Dec 2022 11:09:21 GMT
expires: Wed, 13 Dec 2023 11:09:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 395313
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b09c5fd392d9d40a99ab4c70e59fd24e
40e39676ca8052fd8b9eab501750f0011737f507
8c2b60b0ec0a8121d5c5a8dda2ec1a57b923efe10246386262f359f6a458cdcd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2d1752cd6eb7f48e7494373911a5b996
43d9c23c4d03cccce0fc478f0e12c0874dc762fd
aded7fd1d638c001b0b462fdfeee0549d2ed61b51ced88eb83690e2e20ed36d8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5110
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:54 GMT
Last-Modified: Sat, 17 Dec 2022 23:32:45 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.156.115

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.156.115:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0cHTylue7CDi2Y3tasEHhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8k/JUFwIWmq/fpO2hVZvb0gMNSU=

www.wls-fargo-account.com/Spox/Files/img/alert_login.png

89.23.103.7

200 OK

330 B

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/alert_login.png
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
330 B (330 bytes)
Hash
639ff02b8971b8776608ae20590dbf98
8de900ccd92e9056c5cd97cd9f1d2a957ab34d67
51adbf5bc6f1f859b465cdba71920ad306f53c1898dcf4a5c53e174942cac4c0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/alert_login.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 330
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 02:02:02 GMT
etag: "14a-591601febfa80"
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/down.png

89.23.103.7

200 OK

467 B

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/down.png
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
PNG image data, 30 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
467 B (467 bytes)
Hash
b191a6331fd274d8707e81d2fd623313
dbe24fd92ca34cae65a9eee8176d7671e2499f41
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/down.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 467
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 01:15:08 GMT
etag: "1d3-5915f7831bf00"
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/go.png

89.23.103.7

200 OK

1.0 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/go.png
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
PNG image data, 8 x 7, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1036 bytes)
Hash
be505af34d87e1972b34b80aa1514877
a3ddb49f2bb237cdbdb0aa99811bc74029b1ad29
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/go.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 1036
last-modified: Sat, 31 Aug 2019 01:17:04 GMT
etag: "5d69ca90-40c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/save.png

89.23.103.7

200 OK

889 B

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/save.png
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
889 B (889 bytes)
Hash
f4128302ec1a418085f8ee6f11db2699
5f07195d458121558a6c2eb671a89924efcac423
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/save.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 889
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 01:09:58 GMT
etag: "379-5915f65b78580"
accept-ranges: bytes
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/ba7t.svg

89.23.103.7

200 OK

2.3 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/ba7t.svg
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1204)
Size
2.3 kB (2345 bytes)
Hash
52cfbc505ce987a33cb0e9cf8a846c22
02a62bffda246cd13f08887c3d1a20b3517a770e
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/ba7t.svg HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/svg+xml
content-length: 2345
last-modified: Sat, 31 Aug 2019 01:13:10 GMT
etag: "5d69c9a6-929"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/closex.png

89.23.103.7

200 OK

1.7 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/closex.png
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
1.7 kB (1676 bytes)
Hash
c009521aaba8ddf151dbc15b2115739f
9068f6a75c6c33bb7cbc0377ffb6ea7fed9741d0
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/closex.png HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/png
content-length: 1676
last-modified: Sat, 31 Aug 2019 01:15:36 GMT
etag: "5d69ca38-68c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/tccc.svg

89.23.103.7

200 OK

6.2 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/tccc.svg
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4992)
Size
6.2 kB (6173 bytes)
Hash
4f28eb5e8625fb02c537603a49677ecb
86e2e3565683359ece8baa2e663d00aee2bd61fa
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/tccc.svg HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/svg+xml
content-length: 6173
last-modified: Sat, 31 Aug 2019 01:12:10 GMT
etag: "5d69c96a-181d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg

89.23.103.7

200 OK

232 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64928)
Size
232 kB (231865 bytes)
Hash
52869c556c01e3f3e9e26217c50d7904
d001f35d89952d849b9ec4f4b67092b08d044046
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/img/WF_stagecoach_rgb_ylw_F1.svg HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: image/svg+xml
content-length: 231865
last-modified: Sat, 31 Aug 2019 01:13:56 GMT
etag: "5d69c9d4-389b9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/css/enhanced-header.css

89.23.103.7

200 OK

1.7 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/css/enhanced-header.css
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
ASCII text
Size
1.7 kB (1673 bytes)
Hash
25773ce405eebc39b373b0354328eab7
6a7c6aad9ba020f9af4e4336cb440990a65fa2ca
a9fa1b65fac4801b1396833ddfe36208d7caacf37d05e326e0ec2f3f28375786

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/css/enhanced-header.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 22:15:26 GMT
etag: W/"5d6af17e-e6b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/css/wf.css

89.23.103.7

200 OK

23 kB

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/css/wf.css
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type
ASCII text
Size
23 kB (22624 bytes)
Hash
83e4b5e2f882e9ae1c44af7295d3731e
892e69a881d9ef73f1524b1c3897d41d8bd2b417
d89a79be7ca4ab6cbed50cd2f92be7adadef607171faea14a85d43b5d0bbddd6

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/css/wf.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
x-accel-version: 0.01
last-modified: Sat, 31 Aug 2019 01:34:38 GMT
etag: W/"c7-5915fbdee8780"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
655d864dacd0b058d62e14ca113e957e
dd977b3098ccd8d7a9b6cc8a817a5ae3b4680623
d01980fe1da310252c85b44f414558664520d554e5c2e56149bfdf998d3ba75e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4781
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Dec 2022 00:57:55 GMT
Last-Modified: Sat, 17 Dec 2022 23:38:14 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

connect.secure.wellsfargo.com/favicon.ico

23.36.79.34

200 OK

508 B

URL HTTP/1.1
connect.secure.wellsfargo.com/favicon.ico
IP
23.36.79.34:0
ASN
#20940 Akamai International B.V.

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
508 B (508 bytes)
Hash
0ff9d0afb73b054116f382a98f37a437
ba616b727d91a584152ec72649bb889152077936
d2c81359c31499c0275e363e948f6bde6c51f9b49e349299c324c9b0e3fdab67

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Thu, 03 Nov 2022 01:27:15 GMT
ETag: "636318f3-47e"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
$host: wellsfargo.com
Cache-Control: max-age=3600
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 18 Dec 2022 00:57:56 GMT
Content-Length: 508
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4N53div8ISA5YPpQU%2fUzpg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
74619c8a7d32d46fc91cc86f793f107c
3f2b1390ef4f7cd385f513d57297fa482f7dd43c
6aa1fbfb532fc85b041684e259bbeecf53c7e7f711c8d414fc0775c4c1404457

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6AA1FBFB532FC85B041684E259BBEECF53C7E7F711C8D414FC0775C4C1404457"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20013
Expires: Sun, 18 Dec 2022 06:31:29 GMT
Date: Sun, 18 Dec 2022 00:57:56 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8696 bytes)
Hash
ada04738696f861648635c9ba98841e4
ce644cd4349d88aa7c24b2503b0b18b444061639
e5cee777efbf1d8a0f95f6cce71199e5f016a91f90cf0afe38bc86654b9d730d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667002-4518-4b30-baaa-3a4eab2bdc1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8696
x-amzn-requestid: c897aeed-a082-46a1-965f-39e8c763cb05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10ZH3jIAMF0gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-548ac80840737a20743980f5;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JecluZu8ExMmP-UHM8QbK-bjm_yqULU1tl2QQDfKMea8NHM6y2JI7g==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:37:06 GMT
age: 12050
etag: "ce644cd4349d88aa7c24b2503b0b18b444061639"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff713a978-5d83-49aa-ba90-1412f38e5ac7.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10649 bytes)
Hash
d5f2b7168c67f3a6991208c4736b75c5
535c0c1841ab4a27ba69729403bcf5d56c99cb85
98a7be322eb5eb0a67e3672c03e0a4ed938d63b939ecbcedaf8a6e21cda6dcbd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff713a978-5d83-49aa-ba90-1412f38e5ac7.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10649
x-amzn-requestid: da30f426-ee8f-45c8-a652-61c813a03de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT3_dFe-IAMFySA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e39fc-6e187baf4d58c2434f156710;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:51:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QEMdhIVqMzYqJYNilQungzrCNrGTx_hnIRzaZ5dCwfkM6FK0K9mMHw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 22:19:50 GMT
age: 9486
etag: "535c0c1841ab4a27ba69729403bcf5d56c99cb85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9925 bytes)
Hash
578392bee48563d778885698790a124b
597892da925c3a363878e81ff02032a316303512
d30fe2470e1f63c5249fd42d7cd804bbf326cf9a703c61e31b5322ebdb26fca6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb6b04bcc-ed1e-40f8-81f9-587f3470d5fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9925
x-amzn-requestid: 15eb2112-b947-458a-8544-51bac721773d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2k9HNjIAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e37b9-7c5b94866d266af252f133b3;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:42:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vffD2KxBpOeR3uM-GHLzYmIlBCBR4K6R1ScupFeM7PQEsZSqHi_eZQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:54:10 GMT
age: 11026
etag: "597892da925c3a363878e81ff02032a316303512"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5185 bytes)
Hash
bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KyEMrUTeuVTPJ3EIkrH1DLYqa4bHK7fe6dApTAFP4XY0G4airnflGA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:37:06 GMT
age: 12050
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F784b33ef-7983-46bb-9758-beb8b0593d31.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13556 bytes)
Hash
f3a2d422a57f1136e204524834143a2f
34c817327586272e8a6145d66ea94ff64a6516f6
fca96a776039d1849686e14b35ff9abd8df5840258d30a2cbb90abeccae6362d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F784b33ef-7983-46bb-9758-beb8b0593d31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13556
x-amzn-requestid: 71031d93-d8e8-4283-a6fc-b7d5cba06ee9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT2tjFCkoAMF0tw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e37f0-09aef00c4fdb703a282676a8;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:43:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jF5QEL373s6PG5rTKegMkKAJtgikeC4wECdL_zbJEbNii40vQ2wmQA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 21:54:10 GMT
etag: "34c817327586272e8a6145d66ea94ff64a6516f6"
content-type: image/jpeg
age: 11026
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bf1c00-912e-4885-8447-de9d4662e95c.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6671 bytes)
Hash
9f123305838f751806534e09e06c290c
11187fd75e00056a24d3291028b27fec48a2307c
fe2f370bc79c8941fbcd4a8f4cb2af9e72a70a2bf19c4073253fdf04b4280bc7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84bf1c00-912e-4885-8447-de9d4662e95c.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6671
x-amzn-requestid: c45adf76-3278-4dad-a60b-a9097d7d56e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dGqxLEi_oAMFj3w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6398f1a0-5d517bcc7a40b06e46eb611d;Sampled=0
x-amzn-remapped-date: Tue, 13 Dec 2022 21:41:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -sqiPFG1rz216LGT5GGMYg-i7k-zLKH6dZCV5WDO4LmVPA6ZxyYl-A==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Dec 2022 13:27:04 GMT
age: 41452
etag: "11187fd75e00056a24d3291028b27fec48a2307c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=

89.23.103.7

200 OK

0 B

URL HTTP/2
www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso= HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4; path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-powered-by: PHP/8.0.26, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/css/global.css

89.23.103.7

200 OK

0 B

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/css/global.css
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/css/global.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 01:34:34 GMT
etag: W/"5d69ceaa-408a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/css/content.css

89.23.103.7

200 OK

0 B

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/css/content.css
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/css/content.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 01:28:06 GMT
etag: W/"5d69cd26-568"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

www.wls-fargo-account.com/Spox/Files/css/enhanced-footer.css

89.23.103.7

200 OK

0 B

URL HTTP/2
www.wls-fargo-account.com/Spox/Files/css/enhanced-footer.css
IP
89.23.103.7:0
ASN
#48687 Noviton Ltd

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
quad9	Sinkholed

HTTP Headers

GET /Spox/Files/css/enhanced-footer.css HTTP/1.1
Host: www.wls-fargo-account.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.wls-fargo-account.com/login?wells_id=4c6850bb3249fc88fd17a2aba&country=&iso=
Cookie: PHPSESSID=be01e01o1fhhilafv1q9mjo8a4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 18 Dec 2022 00:57:55 GMT
content-type: text/css
last-modified: Sat, 31 Aug 2019 01:28:32 GMT
etag: W/"5d69cd40-b64"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (40)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size