prevention-werllsfargro.com Open in urlscan Pro
118.139.181.41 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://prevention-werllsfargro.com/
Effective URL:
https://prevention-werllsfargro.com/sing_on
Submission: On April 15 via automatic, source phishtank (April 15th 2024, 6:43:31 pm UTC) — Scanned from SG

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 4 domains to perform 25 HTTP transactions. The main IP is 118.139.181.41, located in Singapore, Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is prevention-werllsfargro.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 13th 2024. Valid for: 3 months.

This is the only time prevention-werllsfargro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 15	118.139.181.41 118.139.181.41	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	104.69.38.52 104.69.38.52	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	23.52.40.171 23.52.40.171	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	104.103.150.19 104.103.150.19	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.52.171.58 23.52.171.58	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	104.69.39.3 104.69.39.3	16625 (AKAMAI-AS) (AKAMAI-AS)
25	6

15 118.139.181.41 (Singapore, Singapore) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 41.181.139.118.host.secureserver.net

prevention-werllsfargro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.69.38.52 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-69-38-52.deploy.static.akamaitechnologies.com

www10.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.52.40.171 (Singapore, Singapore) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-52-40-171.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.103.150.19 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-103-150-19.deploy.static.akamaitechnologies.com

www15.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.52.171.58 (Singapore, Singapore)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-52-171-58.deploy.static.akamaitechnologies.com

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.69.39.3 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-69-39-3.deploy.static.akamaitechnologies.com

csp.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	prevention-werllsfargro.com 1 redirects prevention-werllsfargro.com	853 KB
6	secureserver.net events.api.secureserver.net — Cisco Umbrella Rank: 12901 csp.secureserver.net — Cisco Umbrella Rank: 12949	580 B
4	wellsfargomedia.com www10.wellsfargomedia.com — Cisco Umbrella Rank: 16969 www15.wellsfargomedia.com — Cisco Umbrella Rank: 26918	670 KB
2	wsimg.com 1 redirects img1.wsimg.com — Cisco Umbrella Rank: 10190	21 KB
25	4

	Domain	Requested by
15	prevention-werllsfargro.com	1 redirects prevention-werllsfargro.com
4	csp.secureserver.net	img1.wsimg.com
3	www15.wellsfargomedia.com	prevention-werllsfargro.com
2	events.api.secureserver.net	img1.wsimg.com
2	img1.wsimg.com	1 redirects prevention-werllsfargro.com
1	www10.wellsfargomedia.com	prevention-werllsfargro.com
25	6

This site contains no links.

Subject Issuer	Validity	Valid
prevention-werllsfargro.com ZeroSSL RSA Domain Secure Site CA	`2024-04-13` - `2024-07-12`	3 months	crt.sh
www10.wellsfargomedia.com GeoTrust RSA CA 2018	`2023-12-05` - `2024-12-04`	a year	crt.sh
www15.wellsfargomedia.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-27` - `2024-09-26`	a year	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2023-07-10` - `2024-08-10`	a year	crt.sh
*.secureserver.net Starfield Secure Certificate Authority - G2	`2023-10-10` - `2024-11-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://prevention-werllsfargro.com/sing_on
Frame ID: FFF9BCE17C5ECF779512358B18AEC2D2
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to View Your Personal Accounts | Wells Fargo

Page URL History Show full URLs

https://prevention-werllsfargro.com/ HTTP 302
https://prevention-werllsfargro.com/sing_on Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

6
IPs

1
Countries

1544 kB
Transfer

1824 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://prevention-werllsfargro.com/ HTTP 302
https://prevention-werllsfargro.com/sing_on Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request sing_on Show response
prevention-werllsfargro.com/
Redirect Chain

https://prevention-werllsfargro.com/
https://prevention-werllsfargro.com/sing_on

42 KB
9 KB

46ms
46ms

Document
text/html

118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache / PHP/8.1.27
Resource Hash: e73d17fe32dbadcce452aee38173d747d00e7cc3a5270e14d307d954c95fc260

Request headers

Accept-Language: zh-SG,zh;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-length: 9392
content-type: text/html; charset=UTF-8
date: Mon, 15 Apr 2024 18:43:24 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/8.1.27

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 15 Apr 2024 18:43:24 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./sing_on
pragma: no-cache
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/8.1.27

GET
H2 200 wfui.8371e772fb2cafb2a7d0.css
prevention-werllsfargro.com/static/ 114 KB
17 KB 44ms
42ms Stylesheet
text/css 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wfui.8371e772fb2cafb2a7d0.css
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: 6feaa1d7d54e9cc9740f64d00859803aa03b9fc20db6a728b98f262b3dad554b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 07:54:20 GMT
server: Apache
etag: "434169e-1c98b-6152c87b82300-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 17066

GET
H2 200 main.6539fceb73733687f14d.css
prevention-werllsfargro.com/static/ 7 KB
1 KB 59ms
57ms Stylesheet
text/css 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/main.6539fceb73733687f14d.css
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: 62575ab13c76dd901434c782bf0fe360ca100f517ebf4a7c650694a3ec5c4120

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 07:54:20 GMT
server: Apache
etag: "4341692-1bfe-6152c87b82300-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1270

GET
H2 200 COB-BOB-IRT-enroll_tractor.jpg
prevention-werllsfargro.com/static/ 599 KB
599 KB 38ms
36ms Image
image/jpeg 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prevention-werllsfargro.com/static/COB-BOB-IRT-enroll_tractor.jpg
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
last-modified: Wed, 03 Apr 2024 08:30:04 GMT
server: Apache
accept-ranges: bytes
etag: "4341688-95bb8-6152d0782fb00"
content-length: 613304
content-type: image/jpeg

GET
H2 200 src_app_page_login_Login_js.7bcb9ada66a4959d7c4c.chunk.css
prevention-werllsfargro.com/static/ 135 KB
18 KB 60ms
59ms Stylesheet
text/css 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/src_app_page_login_Login_js.7bcb9ada66a4959d7c4c.chunk.css
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: ac392db467319b021cb9b5fb473643f9e4a4f1be7a44656015811f612eb6d0d2

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 07:54:22 GMT
server: Apache
etag: "4341696-21d95-6152c87d6a780-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 17958

GET
H2 200 jquery-3.7.1.min.js Show response
prevention-werllsfargro.com/static/js/ 85 KB
29 KB 60ms
59ms Script
text/javascript 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/js/jquery-3.7.1.min.js
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 08:27:26 GMT
server: Apache
etag: "434168b-155ed-6152cfe181780-br"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 29763

GET
H2 200 COB-BOB-IRT-enroll_tractor.jpg
www10.wellsfargomedia.com/auth/static/images/ 599 KB
600 KB 162ms
28ms Image
image/jpeg 104.69.38.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www10.wellsfargomedia.com/auth/static/images/COB-BOB-IRT-enroll_tractor.jpg

Requested by

Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.69.38.52 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-69-38-52.deploy.static.akamaitechnologies.com

Software

Resource Hash

d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubdomains;
content-security-policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
x-content-type-options: nosniff
date: Mon, 15 Apr 2024 18:43:24 GMT
last-modified: Fri, 06 Oct 2023 18:10:01 GMT
etag: "65204d79-95bb8"
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST
content-type: image/jpeg
allow: GET, POST, OPTIONS
cache-control: max-age=10368000
accept-ranges: bytes
content-length: 613304
x-xss-protection: 1; mode=block
expires: Tue, 13 Aug 2024 18:43:24 GMT

GET
H2 200 ui_logon.js Show response
prevention-werllsfargro.com/static/js/ 67 KB
24 KB 46ms
44ms Script
text/javascript 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/js/ui_logon.js
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: 13b52674ef364ceea09fbc00b46c62b0ac740e7691f2884df85efd72a4a09bfa

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Sun, 07 Apr 2024 04:39:04 GMT
server: Apache
etag: "434168f-10a14-6157a44c1aa00-br"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 24152

GET
H2

200

scc-c2.min.js Show response
img1.wsimg.com/signals/js/clients/scc-c2/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

103 KB
20 KB

89ms
89ms

Script
text/javascript

23.52.40.171
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Server: 23.52.40.171 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-52-40-171.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e301943f5f3cb3486ab3f4c75c0315e96891268a76b8663b6a490324e39d1664

Request headers

Accept-Language: zh-SG,zh;q=0.9;q=0.9
Referer: https://prevention-werllsfargro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

x-amz-version-id: NUbpk_ypfZoRQFFJE7rB4qpj7fMsB7r1
content-encoding: gzip
date: Mon, 15 Apr 2024 18:43:24 GMT
x-amz-request-id: VRBSN5915HW456KV
x-amz-server-side-encryption: AES256
x-amz-meta-version: 0.2.5
content-length: 20488
x-amz-id-2: sJ+qcaMiIpw94eoFv1PqoVNgEKd7FpSri1FDQ2OndOFnSrV0l+ma3O/trt+2twmYQDsFk164VGFRh173eDPPAg==
last-modified: Fri, 22 Mar 2024 13:06:20 GMT
etag: "fdf3f3c180ae2aa6864f9c46a83a37a9"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 Apr 2024 19:13:24 GMT

Redirect headers

location: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
access-control-allow-origin: *
date: Mon, 15 Apr 2024 18:43:24 GMT
cache-control: max-age=31536000
timing-allow-origin: *
content-length: 0
expires: Tue, 15 Apr 2025 18:43:24 GMT

GET
H2 200 wellsfargosans-rg.woff2
prevention-werllsfargro.com/static/ 0
22 KB 84ms
82ms Other
font/woff2 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wellsfargosans-rg.woff2
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Fri, 05 Apr 2024 08:38:32 GMT
server: Apache
etag: "4341698-5798-6155561793200-br"
vary: Accept-Encoding
content-type: font/woff2
accept-ranges: bytes
content-length: 22423

GET
H2 200 wellsfargosans-sbd.woff2
prevention-werllsfargro.com/static/ 0
22 KB 80ms
78ms Other
font/woff2 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wellsfargosans-sbd.woff2
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Fri, 05 Apr 2024 08:38:46 GMT
server: Apache
etag: "434169a-5848-61555624ed180-br"
vary: Accept-Encoding
content-type: font/woff2
accept-ranges: bytes
content-length: 22598

GET
H2 200 wellsfargoserif-rg.woff2
prevention-werllsfargro.com/static/ 0
26 KB 79ms
77ms Other
font/woff2 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wellsfargoserif-rg.woff2
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Fri, 05 Apr 2024 08:38:56 GMT
server: Apache
etag: "434169c-6854-6155562e76800-br"
vary: Accept-Encoding
content-type: font/woff2
accept-ranges: bytes
content-length: 26712

GET
H2 200 wellsfargosans-rg.woff
prevention-werllsfargro.com/static/ 0
27 KB 84ms
83ms Other
font/woff 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wellsfargosans-rg.woff
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Fri, 05 Apr 2024 08:39:08 GMT
server: Apache
etag: "4341697-6a70-61555639e8300-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 27199

GET
H2 200 wellsfargosans-sbd.woff
prevention-werllsfargro.com/static/ 0
27 KB 60ms
60ms Other
font/woff 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wellsfargosans-sbd.woff
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Fri, 05 Apr 2024 08:39:20 GMT
server: Apache
etag: "4341699-6b38-6155564559e00-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 27386

GET
H2 200 wellsfargoserif-rg.woff
prevention-werllsfargro.com/static/ 0
31 KB 30ms
26ms Other
font/woff 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/static/wellsfargoserif-rg.woff
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/sing_on
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
last-modified: Fri, 05 Apr 2024 08:39:38 GMT
server: Apache
etag: "434169b-7d20-6155565684680-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 32036

GET
H2 200 wellsfargoserif-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 26 KB
26 KB 156ms
40ms Font
font/woff2 104.103.150.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/static/wfui.8371e772fb2cafb2a7d0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.103.150.19 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-103-150-19.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
last-modified: Mon, 11 Mar 2019 20:52:01 GMT
etag: "5c86ca71-6854"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 26708
expires: Tue, 15 Apr 2025 18:43:24 GMT

GET
H2 200 wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 22 KB
22 KB 121ms
32ms Font
font/woff2 104.103.150.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/static/wfui.8371e772fb2cafb2a7d0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.103.150.19 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-103-150-19.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5c7595ba-5798"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 22424
expires: Tue, 15 Apr 2025 18:43:24 GMT

GET
H2 200 wellsfargosans-sbd.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ 22 KB
22 KB 40ms
40ms Font
font/woff2 104.103.150.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
Requested by: Host: prevention-werllsfargro.com
URL: https://prevention-werllsfargro.com/static/wfui.8371e772fb2cafb2a7d0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.103.150.19 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-103-150-19.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/
Origin: https://prevention-werllsfargro.com
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5c7595ba-5848"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 22600
expires: Tue, 15 Apr 2025 18:43:24 GMT

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
290 B 598ms
210ms Fetch
image/gif 23.52.171.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.52.171.58 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-52-171-58.deploy.static.akamaitechnologies.com

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Mon, 15 Apr 2024 18:43:25 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://prevention-werllsfargro.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
290 B 664ms
284ms Fetch
image/gif 23.52.171.58
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?dh=prevention-werllsfargro.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F123.0.0.0%20Safari%2F537.36&client_name=scc-c2&cv=0.2.5&vg=e514fdaa-398e-4500-94b1-3aab47072ef9&vtg=e514fdaa-398e-4500-94b1-3aab47072ef9&dp=%2Fsing_on&trace_id=8c4d9f927fe74783a56edfc2f238a58c&cts=2024-04-15T18%3A43%3A24.990Z&hit_id=f821bd09-bef1-4496-96f5-b10b229863f0&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22sg2plzcpnl505322%22%2C%22dcenter%22%3A%22sg2%22%2C%22cp_id%22%3A%229839227%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=749528874&z=60766958&tce=1713206604538&tcs=1713206604538&tdc=1713206604982&tdclee=1713206604945&tdcles=1713206604944&tdi=1713206604944&tdl=1713206604598&tdle=1713206604538&tdls=1713206604538&tfs=1713206604538&tns=1713206603534&trqs=1713206604539&tre=1713206604586&trps=1713206604585&tles=1713206604982&tlee=0&nt=navigate&LCP=1204&nav_type=hard

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.52.171.58 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-52-171-58.deploy.static.akamaitechnologies.com

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Mon, 15 Apr 2024 18:43:25 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://prevention-werllsfargro.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 404 favicon.ico
prevention-werllsfargro.com/ 2 KB
742 B 76ms
75ms Other
text/html 118.139.181.41
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://prevention-werllsfargro.com/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 118.139.181.41 Singapore, Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 41.181.139.118.host.secureserver.net
Software: Apache /
Resource Hash: cdc8b52c9402b72ef9c698027c0d2ea63058ed98b832a31d3ac57c9e7f8b35ed

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://prevention-werllsfargro.com/sing_on
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 18:43:24 GMT
content-encoding: br
server: Apache
accept-ranges: bytes
content-length: 703
vary: Accept-Encoding
content-type: text/html

OPTIONS
H/1.1 200
OK eventbus
csp.secureserver.net/ 0
0 654ms
196ms Preflight
application/json 104.69.39.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.69.39.3 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-69-39-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://prevention-werllsfargro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type,authorization
Access-Control-Allow-Methods: OPTIONS,POST
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Content-Type: application/json
Date: Mon, 15 Apr 2024 18:43:25 GMT
Expires: Mon, 15 Apr 2024 18:43:25 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id: WR9EMGOdvHcEO9A=
x-amzn-requestid: ae42360d-c91f-4635-88ba-2b443df8244f
x-amzn-trace-id: Root=1-661d754d-0d5569400fb004f224430a72
x-envoy-upstream-service-time: 4

POST
H/1.1 202
Accepted eventbus
csp.secureserver.net/ 0
0 308ms
308ms Fetch
application/json 104.69.39.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.69.39.3 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-69-39-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: api-key b18ef4f046435b64a469b32c3c1c20a3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://prevention-werllsfargro.com/
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 15 Apr 2024 18:43:26 GMT
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id: Root=1-661d754d-0d5974355a516a524b7b4ab2
x-amzn-requestid: 8c4e0d08-d2c9-4ec5-b30e-22f368e05287
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
x-envoy-upstream-service-time: 42
Connection: keep-alive
x-amz-apigw-id: WR9EOGn0vHcEojw=
Content-Length: 0
Expires: Mon, 15 Apr 2024 18:43:26 GMT

POST
H/1.1 202
Accepted eventbus
csp.secureserver.net/ 0
0 315ms
314ms Fetch
application/json 104.69.39.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.69.39.3 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-69-39-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language: zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: api-key 8da2217409854bee82e12dc4ca0b39fb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://prevention-werllsfargro.com/
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Mon, 15 Apr 2024 18:43:26 GMT
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amzn-trace-id: Root=1-661d754d-7ae6614050da09227cf27d94
x-amzn-requestid: 4c63d54f-53a6-47f9-a492-d051382726c6
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
x-envoy-upstream-service-time: 42
Connection: keep-alive
x-amz-apigw-id: WR9EOEfgPHcEfbA=
Content-Length: 0
Expires: Mon, 15 Apr 2024 18:43:26 GMT

OPTIONS
H/1.1 200
OK eventbus
csp.secureserver.net/ 0
0 648ms
198ms Preflight
application/json 104.69.39.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://csp.secureserver.net/eventbus

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.69.39.3 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-69-39-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains ; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://prevention-werllsfargro.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type,authorization
Access-Control-Allow-Methods: OPTIONS,POST
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Content-Type: application/json
Date: Mon, 15 Apr 2024 18:43:25 GMT
Expires: Mon, 15 Apr 2024 18:43:25 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload
x-amz-apigw-id: WR9EMGnBPHcENpA=
x-amzn-requestid: 94e55d7e-0856-482a-ab4e-3175215a9522
x-amzn-trace-id: Root=1-661d754d-33a39bcb5d9702772094ba3b
x-envoy-upstream-service-time: 5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prevention-werllsfargro.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: fp706ib7s67oso1m37sql1qfoe
.prevention-werllsfargro.com/	1970-01-21 04:39:02	Name: _tccl_visitor Value: e514fdaa-398e-4500-94b1-3aab47072ef9
.prevention-werllsfargro.com/	1970-01-20 19:53:28	Name: _tccl_visit Value: e514fdaa-398e-4500-94b1-3aab47072ef9
.prevention-werllsfargro.com/	1970-01-20 19:53:27	Name: _scc_session Value: pc=1&C_TOUCH=2024-04-15T18:43:24.937Z

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
intervention	info	URL: https://prevention-werllsfargro.com/sing_on Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2
intervention	info	URL: https://prevention-werllsfargro.com/sing_on Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
intervention	info	URL: https://prevention-werllsfargro.com/sing_on Message: Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
network	error	URL: https://prevention-werllsfargro.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://prevention-werllsfargro.com/sing_on Message: The resource https://prevention-werllsfargro.com/static/COB-BOB-IRT-enroll_tractor.jpg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

csp.secureserver.net
events.api.secureserver.net
img1.wsimg.com
prevention-werllsfargro.com
www10.wellsfargomedia.com
www15.wellsfargomedia.com
104.103.150.19
104.69.38.52
104.69.39.3
118.139.181.41
23.52.171.58
23.52.40.171
13b52674ef364ceea09fbc00b46c62b0ac740e7691f2884df85efd72a4a09bfa
62575ab13c76dd901434c782bf0fe360ca100f517ebf4a7c650694a3ec5c4120
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
6feaa1d7d54e9cc9740f64d00859803aa03b9fc20db6a728b98f262b3dad554b
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
ac392db467319b021cb9b5fb473643f9e4a4f1be7a44656015811f612eb6d0d2
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
cdc8b52c9402b72ef9c698027c0d2ea63058ed98b832a31d3ac57c9e7f8b35ed
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe
e301943f5f3cb3486ab3f4c75c0315e96891268a76b8663b6a490324e39d1664
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73d17fe32dbadcce452aee38173d747d00e7cc3a5270e14d307d954c95fc260
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

prevention-werllsfargro.com Open in urlscan Pro 118.139.181.41 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

96 %HTTPS

0 %IPv6

4 Domains

6 Subdomains

6 IPs

1 Countries

1544 kBTransfer

1824 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

4 Cookies

prevention-werllsfargro.com Open in urlscan Pro
118.139.181.41 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

6
IPs

1
Countries

1544 kB
Transfer

1824 kB
Size

4
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!