Report - wellafargorewards.com/

Report Overview

Submitted URL
wellafargorewards.com/
IP
185.53.177.54
ASN
#61969 Team Internet AG
Submitted
2024-04-24 07:15:56
Access
public
Website Title
wellafargorewards.com
Final URL
wellafargorewards.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wellafargorewards.com	unknown	unknown	2023-01-14	2023-01-14	2.6 kB	8.4 kB	185.53.177.54
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2024-04-23	482 B	12 kB	54.230.241.34
www.adsensecustomsearchads.com	unknown	2011-01-28	2015-09-02	2024-04-23	3.4 kB	196 kB	216.58.211.14
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	436 B	75 kB	142.250.74.100
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2024-04-23	997 B	2.1 kB	142.250.74.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	wellafargorewards.com	Sinkholed
2024-04-24	medium	wellafargorewards.com	Sinkholed
2024-04-24	medium	wellafargorewards.com	Sinkholed
2024-04-24	medium	wellafargorewards.com	Sinkholed
2024-04-24	medium	wellafargorewards.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F	870 B	2024-04-24	2024-04-24
Pretty URL www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 09:15:56 Last Seen2024-04-24 09:15:56 Times Seen1 Hash 07ec4f6283c6095235c9751588196246 3842719ea22d9ecc024fb238ae3df7fdb42555d2 bc595a83da07ff0824641606fa4d2186b4fb9796db27b3398fed544b8f8885cb Loading...

	wellafargorewards.com/	968 B	2023-03-08	2024-05-05
Pretty URL wellafargorewards.com/ IP 185.53.177.54 ASN #61969 Team Internet AG Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:24:08 Last Seen2024-05-05 22:39:31 Times Seen27873 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	wellafargorewards.com/	8.1 kB	2024-04-24	2024-04-24
Pretty URL wellafargorewards.com/ IP 185.53.177.54 ASN #61969 Team Internet AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 09:15:56 Last Seen2024-04-24 09:15:56 Times Seen1 Hash 799e5419a4d5f2e4769825e852598b19 fd54f69dc9e9f2ac6e6065061d9574a1e1177c02 77d8d117cb99d3d62bb6417e910531748f6dbcae83b08f3007732d04a830883e Loading...

	www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	191 kB	2024-04-18	2024-04-24
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 21:07:38 Last Seen2024-04-24 18:59:16 Times Seen118 Hash 4f56097ddf02cbe8c0058bb839ecf973 f2edc406d74eb5a4a3df4c50066b8440c23169b7 08fd9c64f454153e6689a17ff7d36d9653c8200ee10976e8e00304c62056a9bb Loading...

	wellafargorewards.com/	669 B	2024-04-24	2024-04-24
Pretty URL wellafargorewards.com/ IP 185.53.177.54 ASN #61969 Team Internet AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 09:15:56 Last Seen2024-04-24 09:15:56 Times Seen1 Hash 24511b18106e2b22f39b538fb0b79684 6ac816522181797e41c8026226142728a3052943 d1f86bdc1584ab486d1e34f796fdddcfb4cc3a97f9e13ae683193d3f4a77ab79 Loading...

	www.adsensecustomsearchads.com/adsense/domains/caf.js	191 kB	2024-04-18	2024-04-25
Pretty URL www.adsensecustomsearchads.com/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 21:06:32 Last Seen2024-04-25 20:39:01 Times Seen438 Hash 27feefb680b9a7bdef044b165d4e07b8 1b433ab1fb500cf4286007bca8c0760c76e22cae 8785b3b45f95fb6aad52f0cd8b480c912d560fa198fdcf8f3b939f5fb44d1d2f Loading...

	wellafargorewards.com/	40 B	2023-08-09	2024-05-05
Pretty URL wellafargorewards.com/ IP 185.53.177.54 ASN #61969 Team Internet AG Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-09 10:52:17 Last Seen2024-05-05 22:39:31 Times Seen9100 Hash fca3e6a61d4a07440e4f10c4dbaad8e3 41480802bf872b2d15f9cbcadba025fe326eac03 dfe5c5e10934e7abf7903d4ede3b8fa091c11bef63d675808e6314ec763185ee Loading...

	wellafargorewards.com/	483 B	2024-01-04	2024-05-05
Pretty URL wellafargorewards.com/ IP 185.53.177.54 ASN #61969 Team Internet AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 10:26:15 Last Seen2024-05-05 22:39:31 Times Seen2914 Hash 18f2edc58d8a7b9e6b82454e8658c157 e5dfdd0fa61b3a5ef68dab382a0ba93e9e7b67fb 2d9b07a0704d92dda4deae88bc582aeb659923c8d44d0e7362e13cb28d88d250 Loading...

	wellafargorewards.com/	50 B	2024-01-04	2024-05-05
Pretty URL wellafargorewards.com/ IP 185.53.177.54 ASN #61969 Team Internet AG Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 10:26:15 Last Seen2024-05-05 22:39:31 Times Seen2876 Hash 1b334e0123cf0cb113092022fb726782 45abb42a6680499daa10d83d2859329de1843de2 42591f96b9a41a7e2e5ecd0240dd7fecdcf03ef8454b57c68f08697474a4b579 Loading...

HTTP Transactions (13)

URL IP Response Size

wellafargorewards.com/

185.53.177.54

200 OK

5.8 kB

URL User Request GET HTTP/1.1
wellafargorewards.com/
IP
185.53.177.54:443
ASN
#61969 Team Internet AG

Certificate
IssuerLet's Encrypt
Subjectwellafargorewards.com
Fingerprint6C:C3:C4:25:CF:24:D4:62:2E:EB:FE:F0:F0:31:22:13:A8:74:69:1F
ValiditySat, 23 Mar 2024 01:20:52 GMT - Fri, 21 Jun 2024 01:20:51 GMT

File type
HTML document, ASCII text, with very long lines (8125)
Size
5.8 kB (5829 bytes)
Hash
c41ab8672772f520b8d9610255f071d0
44e71134476b4c3da6f3756e4b78fb2270212229
00398a660a8f938e5b92c494bf0c297c38ba899363ff13c42faaf7ede6d2af16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: wellafargorewards.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Apr 2024 07:15:30 GMT
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_erDUZjAqCnRvr0Nm/Yxcvyc0xcPnn3hgAj6lLWgv9gcqphbFiRuckes93SW9XMcb0/LyscUq0snp7Jm773IK1w==
X-Buckets: bucket102,bucket077
X-Domain: wellafargorewards.com
X-Language: norwegian
X-Subdomain: 
X-Template: tpl_CleanPeppermintBlack_twoclick
Transfer-Encoding: chunked

wellafargorewards.com/track.php?domain=wellafargorewards.com&toggle=browserjs&uid=MTcxMzk0MjkzMC43NzQ0OjBlZjY2NjA1OGM0ZjgyYzYwODAzNmI0ODgzNjAwZDhmNTYyYTBjZjk5ZmZmZDAwN2M4NWJjYjI5Nzc0YmExNDY6NjYyOGIxOTJiZDEyMA%3D%3D

185.53.177.54

200 OK

20 B

URL GET HTTP/1.1
wellafargorewards.com/track.php?domain=wellafargorewards.com&toggle=browserjs&uid=MTcxMzk0MjkzMC43NzQ0OjBlZjY2NjA1OGM0ZjgyYzYwODAzNmI0ODgzNjAwZDhmNTYyYTBjZjk5ZmZmZDAwN2M4NWJjYjI5Nzc0YmExNDY6NjYyOGIxOTJiZDEyMA%3D%3D
IP
185.53.177.54:443
ASN
#61969 Team Internet AG

Requested by
https://wellafargorewards.com/
Certificate
IssuerLet's Encrypt
Subjectwellafargorewards.com
Fingerprint6C:C3:C4:25:CF:24:D4:62:2E:EB:FE:F0:F0:31:22:13:A8:74:69:1F
ValiditySat, 23 Mar 2024 01:20:52 GMT - Fri, 21 Jun 2024 01:20:51 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track.php?domain=wellafargorewards.com&toggle=browserjs&uid=MTcxMzk0MjkzMC43NzQ0OjBlZjY2NjA1OGM0ZjgyYzYwODAzNmI0ODgzNjAwZDhmNTYyYTBjZjk5ZmZmZDAwN2M4NWJjYjI5Nzc0YmExNDY6NjYyOGIxOTJiZDEyMA%3D%3D HTTP/1.1
Host: wellafargorewards.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Apr 2024 07:15:31 GMT
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Content-Length: 20

wellafargorewards.com/ls.php?t=6628b192&token=73a9de1a2869cb06098754719234010934ec4ad3

185.53.177.54

201 Created

16 B

URL GET HTTP/1.1
wellafargorewards.com/ls.php?t=6628b192&token=73a9de1a2869cb06098754719234010934ec4ad3
IP
185.53.177.54:443
ASN
#61969 Team Internet AG

Requested by
https://wellafargorewards.com/
Certificate
IssuerLet's Encrypt
Subjectwellafargorewards.com
Fingerprint6C:C3:C4:25:CF:24:D4:62:2E:EB:FE:F0:F0:31:22:13:A8:74:69:1F
ValiditySat, 23 Mar 2024 01:20:52 GMT - Fri, 21 Jun 2024 01:20:51 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ls.php?t=6628b192&token=73a9de1a2869cb06098754719234010934ec4ad3 HTTP/1.1
Host: wellafargorewards.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: 
Access-Control-Max-Age: 86400
Charset: utf-8
Content-Type: text/javascript;charset=UTF-8
Date: Wed, 24 Apr 2024 07:15:31 GMT
Server: nginx
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_JrHUgrA8SozvrhSKuAROk30afNh8UNpBmoLAsMwX1m9pbf5oCAQ6foEkYXQMI00rSVcHLAyoqz5dw0fdQD/+sg==
X-Log-Success: 6628b1933e2b33a45c0e6fd2
Content-Length: 16

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

54.230.241.34

200 OK

11 kB

URL GET HTTP/2
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
54.230.241.34:443
ASN
#16509 AMAZON-02

Requested by
https://wellafargorewards.com/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced
Size
11 kB (11375 bytes)
Hash
0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 11375
server: nginx
date: Tue, 23 Apr 2024 17:26:56 GMT
last-modified: Thu, 21 Mar 2024 11:48:11 GMT
accept-ranges: bytes
etag: "65fc1e7b-2c6f"
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7muEipU3XExFs9gpKAouci5qEOHjuJ24--bn_d16nPw4iwEvSWkv0g==
age: 49715
X-Firefox-Spdy: h2

wellafargorewards.com/favicon.ico

185.53.177.54

200 OK

0 B

URL GET HTTP/1.1
wellafargorewards.com/favicon.ico
IP
185.53.177.54:443
ASN
#61969 Team Internet AG

Requested by
https://wellafargorewards.com/
Certificate
IssuerLet's Encrypt
Subjectwellafargorewards.com
Fingerprint6C:C3:C4:25:CF:24:D4:62:2E:EB:FE:F0:F0:31:22:13:A8:74:69:1F
ValiditySat, 23 Mar 2024 01:20:52 GMT - Fri, 21 Jun 2024 01:20:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wellafargorewards.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 0
Content-Type: image/x-icon
Date: Wed, 24 Apr 2024 07:15:31 GMT
Etag: "66262f9a-0"
Last-Modified: Mon, 22 Apr 2024 09:36:26 GMT
Server: nginx

www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F

216.58.211.14

200 OK

2.9 kB

URL GET HTTP/2
www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wellafargorewards.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (14029)
Size
2.9 kB (2942 bytes)
Hash
aa0bd61bf5a2c95dcfcc31dff678634e
010e82b7b0fc3859b4fd104bb9f302caf9ef0897
c9e310c8f93acb8985b3ddc6d183a74b2be9337ab1b87d20d04d00eca8e67655

HTTP Headers

GET /afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Wed, 24 Apr 2024 07:15:31 GMT
expires: Wed, 24 Apr 2024 07:15:31 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Qjs20rhnxtFwp637HCS0FA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 2942
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wellafargorewards.com/track.php?domain=wellafargorewards.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxMzk0MjkzMC43NzQ0OjBlZjY2NjA1OGM0ZjgyYzYwODAzNmI0ODgzNjAwZDhmNTYyYTBjZjk5ZmZmZDAwN2M4NWJjYjI5Nzc0YmExNDY6NjYyOGIxOTJiZDEyMA%3D%3D

185.53.177.54

200 OK

20 B

URL GET HTTP/1.1
wellafargorewards.com/track.php?domain=wellafargorewards.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxMzk0MjkzMC43NzQ0OjBlZjY2NjA1OGM0ZjgyYzYwODAzNmI0ODgzNjAwZDhmNTYyYTBjZjk5ZmZmZDAwN2M4NWJjYjI5Nzc0YmExNDY6NjYyOGIxOTJiZDEyMA%3D%3D
IP
185.53.177.54:443
ASN
#61969 Team Internet AG

Requested by
https://wellafargorewards.com/
Certificate
IssuerLet's Encrypt
Subjectwellafargorewards.com
Fingerprint6C:C3:C4:25:CF:24:D4:62:2E:EB:FE:F0:F0:31:22:13:A8:74:69:1F
ValiditySat, 23 Mar 2024 01:20:52 GMT - Fri, 21 Jun 2024 01:20:51 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track.php?domain=wellafargorewards.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxMzk0MjkzMC43NzQ0OjBlZjY2NjA1OGM0ZjgyYzYwODAzNmI0ODgzNjAwZDhmNTYyYTBjZjk5ZmZmZDAwN2M4NWJjYjI5Nzc0YmExNDY6NjYyOGIxOTJiZDEyMA%3D%3D HTTP/1.1
Host: wellafargorewards.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-Ch-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Apr 2024 07:15:31 GMT
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Content-Length: 20

www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true

142.250.74.100

200 OK

74 kB

URL GET HTTP/2
www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://wellafargorewards.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintCD:48:2A:0C:60:1D:37:5A:D4:D5:A9:F7:DE:A0:2B:5E:2F:29:76:73
ValidityMon, 18 Mar 2024 20:38:49 GMT - Mon, 10 Jun 2024 20:38:48 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
74 kB (74313 bytes)
Hash
621f1aa7d6a9e184c73588de28f81e7b
c24cedcc942cd127db3446ffc1c30fca136b7f72
9c7154daa9e3c98f12dc6c09c3944b2915380f5038b9ee1a52a66a54ecf9014c

HTTP Headers

GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 24 Apr 2024 07:15:31 GMT
expires: Wed, 24 Apr 2024 07:15:31 GMT
cache-control: private, max-age=3600
etag: "15808810331107334825"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

142.250.74.97

200 OK

270 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
SVG Scalable Vector Graphics image
Size
270 B (270 bytes)
Hash
8959ddcd9712196961d93f58064ed655
62ab1e38e7e9fbf58a04381b76c2d96a9c829f24
17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Apr 2024 00:47:04 GMT
expires: Wed, 24 Apr 2024 23:47:04 GMT
cache-control: public, max-age=82800
age: 23308
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.adsensecustomsearchads.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=knb6j0ks31z6&aqid=k7EoZtztG-mkxdwP9MOakAU&psid=1167268112&pbt=bs&adbx=375&adby=97&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=625314022&csala=11%7C0%7C483%7C105%7C58&lle=0&ifv=1&hpt=1

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=knb6j0ks31z6&aqid=k7EoZtztG-mkxdwP9MOakAU&psid=1167268112&pbt=bs&adbx=375&adby=97&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=625314022&csala=11%7C0%7C483%7C105%7C58&lle=0&ifv=1&hpt=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wellafargorewards.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=knb6j0ks31z6&aqid=k7EoZtztG-mkxdwP9MOakAU&psid=1167268112&pbt=bs&adbx=375&adby=97&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=625314022&csala=11%7C0%7C483%7C105%7C58&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uZF4qza9u09ERJ66BRwXpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Wed, 24 Apr 2024 07:15:33 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=ybqjc85cb974&aqid=k7EoZtztG-mkxdwP9MOakAU&psid=1167268112&pbt=bv&adbx=375&adby=97&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=625314022&csala=11%7C0%7C483%7C105%7C58&lle=0&ifv=1&hpt=1

216.58.211.14

204 No Content

0 B

URL GET HTTP/3
www.adsensecustomsearchads.com/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=ybqjc85cb974&aqid=k7EoZtztG-mkxdwP9MOakAU&psid=1167268112&pbt=bv&adbx=375&adby=97&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=625314022&csala=11%7C0%7C483%7C105%7C58&lle=0&ifv=1&hpt=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://wellafargorewards.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=ybqjc85cb974&aqid=k7EoZtztG-mkxdwP9MOakAU&psid=1167268112&pbt=bv&adbx=375&adby=97&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=625314022&csala=11%7C0%7C483%7C105%7C58&lle=0&ifv=1&hpt=1 HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellafargorewards.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-A1WLQDFtCHW58zJpFPgeNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
date: Wed, 24 Apr 2024 07:15:34 GMT
server: gws
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.adsensecustomsearchads.com/adsense/domains/caf.js

216.58.211.14

200 OK

191 kB

URL GET HTTP/3
www.adsensecustomsearchads.com/adsense/domains/caf.js
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subjectmisc-sni.google.com
Fingerprint49:07:4A:21:AA:02:3C:78:A7:B4:D3:71:AA:98:EE:0F:2D:3F:5C:99
ValidityMon, 18 Mar 2024 19:42:57 GMT - Mon, 10 Jun 2024 19:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2247)
Size
191 kB (190576 bytes)
Hash
27feefb680b9a7bdef044b165d4e07b8
1b433ab1fb500cf4286007bca8c0760c76e22cae
8785b3b45f95fb6aad52f0cd8b480c912d560fa198fdcf8f3b939f5fb44d1d2f

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.adsensecustomsearchads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Wed, 24 Apr 2024 07:15:31 GMT
expires: Wed, 24 Apr 2024 07:15:31 GMT
cache-control: private, max-age=3600
etag: "8799042092476481309"
x-content-type-options: nosniff
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.97

200 OK

200 B

URL GET HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000001%2Cbucket102%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Fwellafargorewards.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDIsYnVja2V0MDc3fHx8fHx8NjYyOGIxOTJiZDBlZHx8fDE3MTM5NDI5MzAuNzg0NHwxMzZhMWZkY2NhYTljN2Y3MjA2M2ZmN2Y3ZWQxOTU3YWRiZDlhMmUyfHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzNhOWRlMWEyODY5Y2IwNjA5ODc1NDcxOTIzNDAxMDkzNGVjNGFkM3wwfGRwLXRlYW1pbnRlcm5ldDA5XzNwaHwwfDB8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2100394959323368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436&client_gdprApplies=1&format=r3%7Cs&nocache=4731713942931328&num=0&output=afd_ads&domain_name=wellafargorewards.com&v=3&bsl=8&pac=2&u_his=2&u_tz=0&dt=1713942931331&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=625314022&rurl=https%3A%2F%2Fwellafargorewards.com%2F
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
SVG Scalable Vector Graphics image
Size
200 B (200 bytes)
Hash
592bbd56abac313ab322bc38f7027496
ecc40e55421cbfc9cc24e256c999a497b84d997f
fe3a1073d51df0f353dfa771acde9ea020e215a74edf7b24775e50282b6d6eda

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.adsensecustomsearchads.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 24 Apr 2024 01:37:36 GMT
expires: Thu, 25 Apr 2024 00:37:36 GMT
cache-control: public, max-age=82800
age: 20276
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML