dj92rw-5000.csb.app
104.18.6.184
Malicious Activity!
Public Scan
Submission: On August 03 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 30th 2023. Valid for: a year.
This is the only time dj92rw-5000.csb.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
6 | 104.18.6.184 | 13335 (CLOUDFLARENET) |
19 | 2.17.100.179 | 20940 (AKAMAI-ASN1) |
5 | 2.17.100.169 | 20940 (AKAMAI-ASN1) |
1 | 23.45.105.91 | 16625 (AKAMAI-AS) |
1 | 104.18.11.207 | 13335 (CLOUDFLARENET) |
1 | 104.18.28.19 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:830::200a | 15169 (GOOGLE) |
1 | 152.199.19.160 | 15133 (EDGECAST) |
1 | 104.17.25.14 | 13335 (CLOUDFLARENET) |
6 | 23.67.137.87 | 16625 (AKAMAI-AS) |
2 2 | 172.217.18.6 | 15169 (GOOGLE) |
1 | 142.250.185.66 | 15169 (GOOGLE) |
1 | 104.18.29.19 | 13335 (CLOUDFLARENET) |
1 | 2.17.100.249 | 20940 (AKAMAI-ASN1) |
1 | 146.75.121.230 | 54113 (FASTLY) |
2 | 35.241.45.82 | 396982 (GOOGLE-CLOUD-PLATFORM) |
51 | 16 | |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-179.deploy.static.akamaitechnologies.com
static.wellsfargo.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-169.deploy.static.akamaitechnologies.com
connect.secure.wellsfargo.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-45-105-91.deploy.static.akamaitechnologies.com
www10.wellsfargomedia.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-67-137-87.deploy.static.akamaitechnologies.com
www15.wellsfargomedia.com |
ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f6.1e100.net
ad.doubleclick.net |
ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
adservice.google.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-249.deploy.static.akamaitechnologies.com
rubicon.wellsfargo.com |
ASN54113 (FASTLY, US)
resources.digital-cloud-prem.medallia.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 82.45.241.35.bc.googleusercontent.com
udc-neb.kampyle.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
25 | wellsfargo.com | static.wellsfargo.com — Cisco Umbrella Rank: 17268; connect.secure.wellsfargo.com — Cisco Umbrella Rank: 16624; rubicon.wellsfargo.com — Cisco Umbrella Rank: 198616 | 537 KB |
7 | wellsfargomedia.com | www10.wellsfargomedia.com — Cisco Umbrella Rank: 20785; www15.wellsfargomedia.com — Cisco Umbrella Rank: 40567 | 709 KB |
6 | csb.app | dj92rw-5000.csb.app | 18 KB |
2 | kampyle.com | udc-neb.kampyle.com — Cisco Umbrella Rank: 3965 | 395 B |
2 | doubleclick.net (2 redirects) | ad.doubleclick.net — Cisco Umbrella Rank: 210 | 48 B |
2 | codesandbox.io | codesandbox.io — Cisco Umbrella Rank: 209528 | 56 KB |
1 | medallia.com | resources.digital-cloud-prem.medallia.com — Cisco Umbrella Rank: 20005 | 3 KB |
1 | google.com | adservice.google.com — Cisco Umbrella Rank: 468 | |
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 336 | 5 KB |
1 | aspnetcdn.com | ajax.aspnetcdn.com — Cisco Umbrella Rank: 5661 | 30 KB |
1 | tenor.com | media.tenor.com — Cisco Umbrella Rank: 8660 | 12 KB |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1832 | 7 KB |
51 | 12 | | |
 | Domain | Requested by |
---|---|---|
19 | static.wellsfargo.com | dj92rw-5000.csb.app, static.wellsfargo.com |
6 | www15.wellsfargomedia.com | dj92rw-5000.csb.app, connect.secure.wellsfargo.com |
6 | dj92rw-5000.csb.app | dj92rw-5000.csb.app |
5 | connect.secure.wellsfargo.com | dj92rw-5000.csb.app |
2 | udc-neb.kampyle.com | |
2 | ad.doubleclick.net | 2 redirects |
2 | codesandbox.io | dj92rw-5000.csb.app, codesandbox.io |
1 | resources.digital-cloud-prem.medallia.com | static.wellsfargo.com |
1 | rubicon.wellsfargo.com | static.wellsfargo.com |
1 | adservice.google.com | dj92rw-5000.csb.app |
1 | cdnjs.cloudflare.com | dj92rw-5000.csb.app |
1 | ajax.aspnetcdn.com | dj92rw-5000.csb.app |
1 | media.tenor.com | dj92rw-5000.csb.app |
1 | maxcdn.bootstrapcdn.com | dj92rw-5000.csb.app |
1 | www10.wellsfargomedia.com | dj92rw-5000.csb.app |
51 | 15 | |
This site contains links to these domains. Also see Links.
Domain |
---|
oam.wellsfargo.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
csb.app | Cloudflare Inc ECC CA-3 | 2023-12-30 - 2024-12-29 | a year |
static.wellsfargo.com | DigiCert EV RSA CA G2 | 2023-08-30 - 2024-09-29 | a year |
connect.secure.wellsfargo.com | DigiCert EV RSA CA G2 | 2023-08-29 - 2024-09-28 | a year |
www10.wellsfargomedia.com | GeoTrust RSA CA 2018 | 2023-12-05 - 2024-12-04 | a year |
bootstrapcdn.com | WE1 | 2024-07-23 - 2024-10-21 | 3 months |
codesandbox.io | E6 | 2024-07-21 - 2024-10-19 | 3 months |
c.tenor.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months |
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2024-06-06 - 2025-06-06 | a year |
cdnjs.cloudflare.com | WE1 | 2024-07-31 - 2024-10-29 | 3 months |
www15.wellsfargomedia.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-09-27 - 2024-09-26 | a year |
*.google.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months |
rubicon.wellsfargo.com | Wells Fargo Public Trust Certification Authority 01 G2 | 2024-01-25 - 2025-02-24 | a year |
*.digital-cloud-prem.medallia.com | SSL.com RSA SSL subCA | 2023-11-01 - 2024-12-01 | a year |
*.kampyle.com | SSL.com RSA SSL subCA | 2023-11-07 - 2024-12-07 | a year |
This page contains 3 frames:
Primary Page:
https://dj92rw-5000.csb.app/
Frame ID: 644C25AD9D8F6E1E890B41DF5492BAB8
Requests: 49 HTTP requests in this frame
Frame:
https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CJn4wvzo14cDFRgJogMdS3sL4w;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634
Frame ID: C7CB8C266C30E4B054C001A0E3675FCC
Requests: 1 HTTP requests in this frame
Frame:
https://codesandbox.io/p/devtool/inline-preview/dj92rw-5000
Frame ID: B1589236C533AD3099CAEF64EDD9567E
Requests: 1 HTTP requests in this frame
Page Title
Sign On to View Your Personal Accounts | Wells Fargo
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
AppDynamics (Analytics)
Detected patterns
- adrum
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Forgot username or password?
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 42
- https://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634 HTTP 302
- https://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CJn4wvzo14cDFRgJogMdS3sL4w;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634 HTTP 302
- https://adservice.google.com/ddm/fls/z/src=2549153;dc_pre=CJn4wvzo14cDFRgJogMdS3sL4w;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634
51 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | / (Primary Request) | dj92rw-5000.csb.app/ | 132 KB | 17 KB | Document | text/html |
GET | H/1.1 | ga.js | static.wellsfargo.com/tracking/ga/ | 48 KB | 20 KB | Script | application/javascript |
GET | H/1.1 | ga_conversion_async.js | static.wellsfargo.com/tracking/ga/ | 35 KB | 14 KB | Script | application/javascript |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H3 | adrum-ext.b4436be974de477658d4a93afb752165.js | dj92rw-5000.csb.app/auth/static/scripts/ | 0 | 0 | Script | text/html |
GET | H/1.1 | nd | connect.secure.wellsfargo.com/jenny/ | 53 KB | 20 KB | Script | application/javascript |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 104 KB | 41 KB | Script | application/javascript |
GET | H/1.1 | detector-dom.min.js | static.wellsfargo.com/tracking/gb/ | 503 KB | 151 KB | Script | application/javascript |
GET | H/1.1 | medallia-digital-embed.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 2 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | ytc.js | static.wellsfargo.com/tracking/ytc/ | 15 KB | 6 KB | Script | application/javascript |
GET | H3 | general_alt.js | dj92rw-5000.csb.app/auth/login/static/js/ | 0 | 0 | Script | text/html |
GET | H3 | general_alt.js | dj92rw-5000.csb.app/auth/login/static/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | wfui.df76c94872b557f8b8f8.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 114 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | main.6539fceb73733687f14d.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H2 | COB-BOB-IRT-enroll_balloons.jpg | www10.wellsfargomedia.com/auth/static/images/ | 611 KB | 612 KB | Image | image/jpeg |
GET | H3 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ | 27 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | src_app_page_login_Login_js.bb7e73ad23c1d7b51bcf.chunk.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 135 KB | 20 KB | Stylesheet | text/css |
GET | H/1.1 | utag.3.js | static.wellsfargo.com/tracking/secure-auth/ | 5 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | utag.4.js | static.wellsfargo.com/tracking/secure-auth/ | 6 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | utag.5.js | static.wellsfargo.com/tracking/secure-auth/ | 6 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | utag.7.js | static.wellsfargo.com/tracking/secure-auth/ | 10 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | utag.10.js | static.wellsfargo.com/tracking/secure-auth/ | 20 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | utag.9.js | static.wellsfargo.com/tracking/secure-auth/ | 11 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | utag.15.js | static.wellsfargo.com/tracking/secure-auth/ | 4 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | utag.21.js | static.wellsfargo.com/tracking/secure-auth/ | 4 KB | 2 KB | Script | application/javascript |
GET | H3 | preview-protocol.js | codesandbox.io/p/ | 176 KB | 56 KB | Script | application/javascript |
GET | H2 | loading-loading-gif.gif | media.tenor.com/guhB4PpjrmUAAAAM/ | 11 KB | 12 KB | Image | image/gif |
GET | H/1.1 | utag.js | static.wellsfargo.com/tracking/secure-auth/ | 36 KB | 11 KB | Script | application/javascript |
GET | H3 | login-userprefs.min.js | dj92rw-5000.csb.app/auth/static/prefs/ | 0 | 0 | Script | text/html |
GET | H/1.1 | atadun.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 1 KB | 2 KB | Script | application/javascript |
GET | | generic1697649041190.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 0 | 0 | | |
GET | H2 | jquery-3.3.1.min.js | ajax.aspnetcdn.com/ajax/jQuery/ | 85 KB | 30 KB | Script | application/javascript |
GET | H3 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB | 5 KB | Script | application/javascript |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 22 KB | Other | font/woff2 |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 0 | Other | font/woff2 |
GET | H2 | wellsfargoserif-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 26 KB | Other | font/woff2 |
GET | H2 | wellsfargosans-rg.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 27 KB | Other | application/x-woff |
GET | | wellsfargosans-sbd.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 0 | | |
GET | | wellsfargoserif-rg.woff | www15.wellsfargomedia.com/wfui/css/fonts/ | 0 | 0 | | |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 0 | Font | font/woff2 |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 |
GET | H3 | src=2549153;dc_pre=CJn4wvzo14cDFRgJogMdS3sL4w;type=allv40;cat=all_a012;u1=4520240102052010932720974;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.756597098.1704201605;u23=DESKTOP;ord=8668721575748.634 | adservice.google.com/ddm/fls/z/ (Frame C7CB, Redirect Chain) | 0 | 0 | Document | image/gif |
GET | H3 | dj92rw-5000 | codesandbox.io/p/devtool/inline-preview/ (Frame B158) | 0 | 0 | Document | text/html |
GET | H/1.1 | generic1703025661264.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 358 KB | 81 KB | Script | application/javascript |
GET | H/1.1 | cls_report | rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ | 5 KB | 2 KB | XHR | application/json |
GET | H3 | favicon.ico | dj92rw-5000.csb.app/ | 2 KB | 857 B | Other | text/html |
GET | H2 | onsiteData.json | resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/ | 35 KB | 3 KB | XHR | application/json |
GET | H2 | __cool.gif | udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ | 0 | 77 B | Image | image/gif |
GET | H2 | __cool.gif | udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ | 0 | 318 B | Image | image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
static.wellsfargo.com | https://static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/generic1697649041190.js |
www15.wellsfargomedia.com | https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff |
www15.wellsfargomedia.com | https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
160 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | Name: _cls_cfgver Value: 201c2b80 |
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | Name: _cls_v Value: b057cf93-7e01-4394-a490-a0f987b82085 |
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | | Name: _cls_s Value: ddca1fe3-1c5b-43b3-9cbd-55ef82665ffe:0 |
.doubleclick.net/ | | Name: test_cookie Value: CheckForPermission |
.doubleclick.net/ | | Name: ar_debug Value: 1 |
.doubleclick.net/ | | Name: receive-cookie-deprecation Value: 1 |
dj92rw-5000.csb.app/ | | Name: _cls_s Value: ddca1fe3-1c5b-43b3-9cbd-55ef82665ffe:0 |
.codesandbox.io/ | | Name: _cfuvid Value: ObE6dDf18Q2w0dyJRRITLhnthvguHjsrnzsM5G3MxX0-1722653661697-0.0.1.1-604800000 |
.codesandbox.io/ | | Name: cf_clearance Value: Z.JKWsPXrmfkxUm0lGaIpng0ngsWnDdh33vmZgGbZjA-1722653662-1.0.1.1-tJNzTPjxhr2VZAceVkrr2IpjrZrwkYrIfTAcboIVsvlJ6GqA_aQBCjLVf9fsdNQZkH7Evgdkz1y9zU21QMuDbQ |
15 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.