authentication-options-wells-fargo.com Open in urlscan Pro
185.77.129.130  Malicious Activity! Public Scan

URL: http://authentication-options-wells-fargo.com/
Submission: On March 02 via api from US

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 185.77.129.130, located in Belize and belongs to QHOSTER, BG. The main domain is authentication-options-wells-fargo.com.
This is the only time authentication-options-wells-fargo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
2 185.77.129.130 201630 (QHOSTER)
11 159.45.2.180 10837 (WELLSFARG...)
1 23.79.130.83 16625 (AKAMAI-AS)
1 23.79.159.101 16625 (AKAMAI-AS)
15 5
Domain Requested by
11 oam.wellsfargo.com authentication-options-wells-fargo.com
2 authentication-options-wells-fargo.com authentication-options-wells-fargo.com
1 www01.wellsfargomedia.com authentication-options-wells-fargo.com
1 www10.wellsfargomedia.com authentication-options-wells-fargo.com
15 4

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
Subject Issuer Validity Valid
oam.wellsfargo.com
DigiCert EV RSA CA G2
2020-07-09 -
2022-07-14
2 years crt.sh
www10.wellsfargomedia.com
GeoTrust RSA CA 2018
2020-06-30 -
2021-06-20
a year crt.sh
www01.wellsfargomedia.com
GeoTrust RSA CA 2018
2020-03-21 -
2021-06-20
a year crt.sh

This page contains 1 frames:

Primary Page: http://authentication-options-wells-fargo.com/
Frame ID: A63628CE0701F95F7B00A146257C8E23
Requests: 16 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

15
Requests

87 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

46 kB
Transfer

89 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
authentication-options-wells-fargo.com/
15 KB
5 KB
Document
General
Full URL
http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Server
185.77.129.130 , Belize, ASN201630 (QHOSTER, BG),
Reverse DNS
mta130.fireflyonline.co.za
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
d3f5fbdceb00d016f4f758ce1185b9179762e999c0b4c0812cfe5f12316671b0

Request headers

Host
authentication-options-wells-fargo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:10 GMT
Server
Apache/2.4.18 (Ubuntu)
Set-Cookie
PHPSESSID=21tu3o8vi6nsdqcc9am7d0ai42; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
5015
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
theme.ssep.css
oam.wellsfargo.com/oam/static/css/ssep/
12 KB
3 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
1eca35898aeb7c7f4ea4ad15162bc445ae428bd31c98a85595b6eaf52cedf08a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
2049
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:37 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"31dc-5badfdfb5b56d-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
masthead.css
oam.wellsfargo.com/oam/static/css/bim/masthead/
5 KB
2 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/bim/masthead/masthead.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
02e16100764ca3cf83cec92c1a2a03b51814d7b2517ebf64358dce66cedce48c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
876
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:39 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"1587-5badfdfda6906-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
footer.css
oam.wellsfargo.com/oam/static/css/bim/footer/
3 KB
1 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/bim/footer/footer.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
88c1c66b4d38de38ee4868c78ff224f76a8dcba3095f366775ed3ccf264cb9d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
744
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:38 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"cbf-5badfdfc6dc0f-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
button.css
oam.wellsfargo.com/oam/static/css/bim/button/
2 KB
1 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/bim/button/button.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
b9049efffaa384bc5b4018a76676a3e5ef5a03a602d95fe304f702525f1a4779
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
590
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:39 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"7ed-5badfdfda651e-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
theme.ssep.messaging.css
oam.wellsfargo.com/oam/static/css/ssep/
4 KB
2 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.messaging.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
872c9ca9be690c4ea9d7e7d402470ef053ecc7bde2ab01068452d795b37cd540
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
758
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:38 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"f51-5badfdfcca342-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
theme.ssep.input.css
oam.wellsfargo.com/oam/static/css/ssep/
1 KB
1 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.input.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
15a1c771dbbed834f8497627b7879a2f438bd4df5d3df8852c49e1f6581c479a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
414
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:38 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"517-5badfdfc935c2-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
theme.ssep.dropdown.selector.css
oam.wellsfargo.com/oam/static/css/ssep/
6 KB
3 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.dropdown.selector.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
d97bba3cd654c4c2df13c0abc219e99691aad0276a6fd2287ca835f2f7b0214e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
2189
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:38 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"19e5-5badfdfc81036-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
theme.ssep.popover.css
oam.wellsfargo.com/oam/static/css/ssep/
6 KB
4 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.popover.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
e2830d975f83aab8c06d41c36c6d3df1161b12bd874a781a0daabd68e503c911
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
3046
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:37 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"19e8-5badfdfb5c125-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
theme.ssep.tabs.css
oam.wellsfargo.com/oam/static/css/ssep/
8 KB
5 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.tabs.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
a0686edbc495d60b175d648c206ff79ebc360b5173c139937eb3ae9c54adba71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
4279
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:38 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"1e24-5badfdfce0450-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
theme.ssep.timeout.css
oam.wellsfargo.com/oam/static/css/ssep/
1 KB
1 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/ssep/theme.ssep.timeout.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
9fd6c5aa6c7585c1e5e3f3a08b673813b06220d94d8b6da24b491fc03e5f968c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
521
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:38 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"5d9-5badfdfce0450-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
twofa.bim.css
oam.wellsfargo.com/oam/static/css/twofa/
6 KB
2 KB
Stylesheet
General
Full URL
https://oam.wellsfargo.com/oam/static/css/twofa/twofa.bim.css?v=EE374AC165
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),
Reverse DNS
Software
KONICHIWA/1.1 /
Resource Hash
70c6d8be1db7f533d4c67173b1b683a6fdcd75dd866b675438aac0df8482351f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Connection
Keep-Alive
Content-Length
1358
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 09 Feb 2021 04:39:37 GMT
Server
KONICHIWA/1.1
X-Frame-Options
SAMEORIGIN
ETag
"168e-5badfdfbfbc6c-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=86400
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
masthead-wf_logo-e-148x16.svg
www10.wellsfargomedia.com/auth/static/images/
5 KB
2 KB
Image
General
Full URL
https://www10.wellsfargomedia.com/auth/static/images/masthead-wf_logo-e-148x16.svg
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.79.130.83 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-130-83.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
bc6c8086d8f0fb627b7a8b0127f517ed309972a13f8d91249541f4f3ddc2d5f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Encoding
br
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
1917
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 15 Dec 2020 18:34:23 GMT
Server
Akamai Resource Optimizer
X-Frame-Options
SAMEORIGIN
Date
Tue, 02 Mar 2021 06:31:11 GMT
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=10368000
ETag
"15c9-5b4d4ac866897"
Accept-Ranges
bytes
Expires
Wed, 30 Jun 2021 06:31:11 GMT
unnamed.png
authentication-options-wells-fargo.com/surance_files/
12 KB
12 KB
Image
General
Full URL
http://authentication-options-wells-fargo.com/surance_files/unnamed.png
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Server
185.77.129.130 , Belize, ASN201630 (QHOSTER, BG),
Reverse DNS
mta130.fireflyonline.co.za
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
5c18960f47e79b45abbd1b377b65e0e616f23476966adb10d9d77ed72c861ef4

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 06:31:10 GMT
Last-Modified
Sat, 05 Sep 2020 09:16:24 GMT
Server
Apache/2.4.18 (Ubuntu)
ETag
"30c2-5ae8d7076aa00"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
12482
truncated
/
270 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e2f1104899a430463d7632028c7b5cd2716148d65e7be31302449540190cce84

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
alert-information.svg
www01.wellsfargomedia.com/assets/_mobile/images/global/
454 B
785 B
Image
General
Full URL
https://www01.wellsfargomedia.com/assets/_mobile/images/global/alert-information.svg
Requested by
Host: authentication-options-wells-fargo.com
URL: http://authentication-options-wells-fargo.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.159.101 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-159-101.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
35b94bdfdf9720f23792133ecff51115d70b8ad67938b467184d6c3aeed3fca5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://authentication-options-wells-fargo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Encoding
br
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
247
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 25 Feb 2021 04:06:00 GMT
Server
Akamai Resource Optimizer
X-Frame-Options
SAMEORIGIN
Date
Tue, 02 Mar 2021 06:31:11 GMT
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=15112753
ETag
"1c6-58119e30d04c0"
Accept-Ranges
bytes
Expires
Tue, 24 Aug 2021 04:30:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated object| antiClickjack

1 Cookies

Domain/Path Name / Value
authentication-options-wells-fargo.com/ Name: PHPSESSID
Value: 21tu3o8vi6nsdqcc9am7d0ai42