wells.messagesecuritycenter.com
157.245.90.240
Malicious Activity!
Public Scan
Submission: On September 02 via api from US — Scanned from IT
Summary
TLS certificate: Issued by R10 on September 2nd 2024. Valid for: 3 months.
This is the only time wells.messagesecuritycenter.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
6 | 157.245.90.240 | 14061 (DIGITALOCEAN-ASN) |
19 | 2.17.100.179 | 20940 (AKAMAI-ASN1) |
5 | 2.17.100.169 | 20940 (AKAMAI-ASN1) |
1 | 184.30.216.202 | 16625 (AKAMAI-AS) |
1 | 104.18.11.207 | 13335 (CLOUDFLARENET) |
1 | 172.217.16.202 | 15169 (GOOGLE) |
1 | 152.199.19.160 | 15133 (EDGECAST) |
1 | 104.17.24.14 | 13335 (CLOUDFLARENET) |
8 | 23.67.137.87 | 16625 (AKAMAI-AS) |
2 | 142.250.184.198 | 15169 (GOOGLE) |
1 | 142.250.185.162 | 15169 (GOOGLE) |
1 | 2.17.100.249 | 20940 (AKAMAI-ASN1) |
1 | 146.75.121.230 | 54113 (FASTLY) |
2 | 35.241.45.82 | 15169 (GOOGLE) |
49 requests | 14 IP addresses | |
ASN | PTR | Domain |
---|---|---|
ASN14061 (DIGITALOCEAN-ASN, US) | | wells.messagesecuritycenter.com |
ASN20940 (AKAMAI-ASN1, NL) | a2-17-100-179.deploy.static.akamaitechnologies.com | static.wellsfargo.com |
ASN20940 (AKAMAI-ASN1, NL) | a2-17-100-169.deploy.static.akamaitechnologies.com | connect.secure.wellsfargo.com |
ASN16625 (AKAMAI-AS, US) | a184-30-216-202.deploy.static.akamaitechnologies.com | www10.wellsfargomedia.com |
ASN15169 (GOOGLE, US) | fra16s65-in-f10.1e100.net | media.tenor.com |
ASN16625 (AKAMAI-AS, US) | a23-67-137-87.deploy.static.akamaitechnologies.com | www15.wellsfargomedia.com |
ASN15169 (GOOGLE, US) | fra24s11-in-f6.1e100.net | ad.doubleclick.net |
ASN15169 (GOOGLE, US) | fra16s51-in-f2.1e100.net | adservice.google.com |
ASN20940 (AKAMAI-ASN1, NL) | a2-17-100-249.deploy.static.akamaitechnologies.com | rubicon.wellsfargo.com |
ASN54113 (FASTLY, US) | | resources.digital-cloud-prem.medallia.com |
ASN15169 (GOOGLE, US) | 82.45.241.35.bc.googleusercontent.com | udc-neb.kampyle.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
25 | wellsfargo.com | static.wellsfargo.com (Cisco Umbrella Rank: 17268), connect.secure.wellsfargo.com (Cisco Umbrella Rank: 16624), rubicon.wellsfargo.com (Cisco Umbrella Rank: 198616) | 533 KB |
9 | wellsfargomedia.com | www10.wellsfargomedia.com (Cisco Umbrella Rank: 20785), www15.wellsfargomedia.com (Cisco Umbrella Rank: 40567) | 767 KB |
6 | messagesecuritycenter.com | wells.messagesecuritycenter.com | 11 KB |
2 | kampyle.com | udc-neb.kampyle.com (Cisco Umbrella Rank: 3965) | 517 B |
2 | doubleclick.net | ad.doubleclick.net (Cisco Umbrella Rank: 210), 2 redirects | 3 KB |
1 | medallia.com | resources.digital-cloud-prem.medallia.com (Cisco Umbrella Rank: 20005) | 3 KB |
1 | google.com | adservice.google.com (Cisco Umbrella Rank: 468) | |
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 336) | 5 KB |
1 | aspnetcdn.com | ajax.aspnetcdn.com (Cisco Umbrella Rank: 5661) | 38 KB |
1 | tenor.com | media.tenor.com (Cisco Umbrella Rank: 8660) | 12 KB |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1832) | 7 KB |
49 requests | 11 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
19 | static.wellsfargo.com | wells.messagesecuritycenter.com, static.wellsfargo.com |
8 | www15.wellsfargomedia.com | wells.messagesecuritycenter.com, connect.secure.wellsfargo.com |
6 | wells.messagesecuritycenter.com | wells.messagesecuritycenter.com |
5 | connect.secure.wellsfargo.com | wells.messagesecuritycenter.com |
2 | udc-neb.kampyle.com | static.wellsfargo.com |
2 | ad.doubleclick.net | 2 redirects |
1 | resources.digital-cloud-prem.medallia.com | static.wellsfargo.com |
1 | rubicon.wellsfargo.com | static.wellsfargo.com |
1 | adservice.google.com | wells.messagesecuritycenter.com |
1 | cdnjs.cloudflare.com | wells.messagesecuritycenter.com |
1 | ajax.aspnetcdn.com | wells.messagesecuritycenter.com |
1 | media.tenor.com | wells.messagesecuritycenter.com |
1 | maxcdn.bootstrapcdn.com | wells.messagesecuritycenter.com |
1 | www10.wellsfargomedia.com | wells.messagesecuritycenter.com |
49 requests | 14 domains | |
This site contains links to these domains. Also see Links.
Domain |
---|
oam.wellsfargo.com |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
wells.messagesecuritycenter.com | R10 | 2024-09-02 - 2024-12-01 | 3 months | crt.sh |
static.wellsfargo.com | DigiCert EV RSA CA G2 | 2024-08-14 - 2025-09-14 | a year | crt.sh |
connect.secure.wellsfargo.com | DigiCert EV RSA CA G2 | 2024-08-14 - 2025-09-14 | a year | crt.sh |
www10.wellsfargomedia.com | GeoTrust RSA CA 2018 | 2023-12-05 - 2024-12-04 | a year | crt.sh |
bootstrapcdn.com | WE1 | 2024-07-23 - 2024-10-21 | 3 months | crt.sh |
c.tenor.com | WR2 | 2024-08-05 - 2024-10-28 | 3 months | crt.sh |
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2024-06-06 - 2025-06-06 | a year | crt.sh |
cdnjs.cloudflare.com | WE1 | 2024-07-31 - 2024-10-29 | 3 months | crt.sh |
www15.wellsfargomedia.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-27 - 2024-09-26 | a year | crt.sh |
*.google.com | WR2 | 2024-08-05 - 2024-10-28 | 3 months | crt.sh |
rubicon.wellsfargo.com | Wells Fargo Public Trust Certification Authority 01 G2 | 2024-01-25 - 2025-02-24 | a year | crt.sh |
*.digital-cloud-prem.medallia.com | SSL.com RSA SSL subCA | 2023-11-01 - 2024-12-01 | a year | crt.sh |
*.kampyle.com | SSL.com RSA SSL subCA | 2023-11-07 - 2024-12-07 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://wells.messagesecuritycenter.com/
Frame ID: 5C25C51F1D0C077247B543F99421FA12
Requests: 48 HTTP requests in this frame
Frame:
https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CIaEluKspIgDFXnNOwIdaMoepg;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634
Frame ID: 3C5F7F6FE07F55AB86A672146A6C4932
Requests: 1 HTTP request in this frame
Page Title
Sign On to View Your Personal Accounts | Wells Fargo
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
AppDynamics (Analytics)
Detected patterns
- adrum
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Forgot username or password?
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 41
- https://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634 HTTP 302
- https://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CIaEluKspIgDFXnNOwIdaMoepg;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634 HTTP 302
- https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CIaEluKspIgDFXnNOwIdaMoepg;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634
49 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | wells.messagesecuritycenter.com/ | 57 KB | 11 KB | Document | text/html |
GET | H2 | ga.js | static.wellsfargo.com/tracking/ga/ | 48 KB | 19 KB | Script | application/javascript |
GET | H2 | ga_conversion_async.js | static.wellsfargo.com/tracking/ga/ | 35 KB | 14 KB | Script | application/javascript |
GET | H2 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H2 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H2 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H2 | adrum-ext.b4436be974de477658d4a93afb752165.js | wells.messagesecuritycenter.com/auth/static/scripts/ | 0 | 0 | Script | text/html |
GET | H/1.1 | nd | connect.secure.wellsfargo.com/jenny/ | 53 KB | 20 KB | Script | application/javascript |
GET | H2 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H2 | detector-dom.min.js | static.wellsfargo.com/tracking/gb/ | 503 KB | 151 KB | Script | application/javascript |
GET | H2 | medallia-digital-embed.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | ytc.js | static.wellsfargo.com/tracking/ytc/ | 15 KB | 6 KB | Script | application/javascript |
GET | H2 | general_alt.js | wells.messagesecuritycenter.com/auth/login/static/js/ | 0 | 0 | Script | text/html |
GET | H2 | general_alt.js | wells.messagesecuritycenter.com/auth/login/static/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | wfui.df76c94872b557f8b8f8.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 114 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | main.6539fceb73733687f14d.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H2 | COB-BOB-IRT-enroll_balloons.jpg | www10.wellsfargomedia.com/auth/static/images/ | 611 KB | 612 KB | Image | image/jpeg |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ | 27 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | src_app_page_login_Login_js.bb7e73ad23c1d7b51bcf.chunk.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 135 KB | 20 KB | Stylesheet | text/css |
GET | H2 | utag.3.js | static.wellsfargo.com/tracking/secure-auth/ | 5 KB | 2 KB | Script | application/javascript |
GET | H2 | utag.4.js | static.wellsfargo.com/tracking/secure-auth/ | 6 KB | 2 KB | Script | application/javascript |
GET | H2 | utag.5.js | static.wellsfargo.com/tracking/secure-auth/ | 6 KB | 3 KB | Script | application/javascript |
GET | H2 | utag.7.js | static.wellsfargo.com/tracking/secure-auth/ | 10 KB | 3 KB | Script | application/javascript |
GET | H2 | utag.10.js | static.wellsfargo.com/tracking/secure-auth/ | 20 KB | 6 KB | Script | application/javascript |
GET | H2 | utag.9.js | static.wellsfargo.com/tracking/secure-auth/ | 11 KB | 4 KB | Script | application/javascript |
GET | H2 | utag.15.js | static.wellsfargo.com/tracking/secure-auth/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | utag.21.js | static.wellsfargo.com/tracking/secure-auth/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | loading-loading-gif.gif | media.tenor.com/guhB4PpjrmUAAAAM/ | 11 KB | 12 KB | Image | image/gif |
GET | H2 | utag.js | static.wellsfargo.com/tracking/secure-auth/ | 36 KB | 11 KB | Script | application/javascript |
GET | H2 | login-userprefs.min.js | wells.messagesecuritycenter.com/auth/static/prefs/ | 0 | 0 | Script | text/html |
GET | H/1.1 | atadun.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 1 KB | 2 KB | Script | application/javascript |
GET | | generic1697649041190.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 0 | 0 | | |
GET | H2 | jquery-3.3.1.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 85 KB | 38 KB | Script | application/javascript |
GET | H2 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB | 5 KB | Script | application/javascript |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 22 KB | Other | font/woff2 |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 22 KB | Other | font/woff2 |
GET | H2 | wellsfargoserif-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 26 KB | Other | font/woff2 |
GET | H2 | wellsfargosans-rg.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 27 KB | Other | application/x-woff |
GET | H2 | wellsfargosans-sbd.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 27 KB | Other | application/x-woff |
GET | H2 | wellsfargoserif-rg.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 31 KB | Other | application/x-woff |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 0 | Font | font/woff2 |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 0 | Font | font/woff2 |
GET | H2 | src=2549153;dc_pre=CIaEluKspIgDFXnNOwIdaMoepg;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634 | adservice.google.com/ddm/fls/z/ (Frame 3C5F, Redirect Chain) | 0 | 0 | Document | image/gif |
GET | H2 | generic1703025661264.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 358 KB | 81 KB | Script | application/javascript |
GET | H/1.1 | cls_report | rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ | 5 KB | 2 KB | XHR | application/json |
GET | H2 | favicon.ico | wells.messagesecuritycenter.com/ | 548 B | 219 B | Other | text/html |
GET | H2 | onsiteData.json | resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/ | 35 KB | 3 KB | XHR | application/json |
POST | H2 | track | udc-neb.kampyle.com/v1/qceuv8449dzg58ptt1bhda9g8ue19c7s/ | 59 B | 199 B | XHR | text/plain |
GET | H2 | __cool.gif | udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ | 0 | 318 B | Image | image/gif |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: static.wellsfargo.com
- URL: https://static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1697649041190.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
164 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
9 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even if they connect from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | _cls_cfgver | 201c2b80 |
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | _cls_v | 9e4d2631-3d71-4536-a713-e06dd22f4a5b |
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | _cls_s | 489e3c17-a0e5-4d5f-9536-911c1c55e00e:0 |
.messagesecuritycenter.com/ | | utag_main | v_id:0191b2e468d60019cebd83ea52f205065002805d00b08$_sn:1$_se:1%3Bexp-session$_ss:1%3Bexp-session$_st:1725284999196%3Bexp-session$ses_id:1725283199196%3Bexp-session$_pn:1%3Bexp-session |
.messagesecuritycenter.com/ | | _cls_v | 9e4d2631-3d71-4536-a713-e06dd22f4a5b |
.messagesecuritycenter.com/ | | _cls_s | 489e3c17-a0e5-4d5f-9536-911c1c55e00e:0 |
.doubleclick.net/ | | test_cookie | CheckForPermission |
.doubleclick.net/ | | ar_debug | 1 |
.doubleclick.net/ | | receive-cookie-deprecation | 1 |
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.