Report - www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/

Report Overview

Submitted URL
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
IP
163.171.134.56
ASN
#54994 QUANTILNETWORKS
Submitted
2023-02-03 13:22:36
Access
Website Title
Final URL
Tags
wellsfargo financial phishing
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
43
Network Intrusion Detection
0
Threat Detection Systems
94

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	544 B	578 B	142.250.74.67
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	930 B	1.3 kB	172.217.21.162
connect.secure.wellsfargo.com	11812	2017-01-31T16:32:35Z	2023-03-13T06:46:24Z	2.5 kB	415 kB	95.101.10.194
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	664 B	625 B	64.233.164.155
2549153.fls.doubleclick.net	30024	2015-01-13T00:13:33Z	2023-03-13T06:46:25Z	758 B	1.1 kB	142.250.74.6
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	723 B	724 B	142.250.74.162
static.wellsfargo.com	12306	2015-03-14T23:03:25Z	2023-03-13T06:46:23Z	7.7 kB	527 kB	95.101.10.152
dpm.demdex.net	204	2012-05-22T07:45:05Z	2023-03-13T05:18:25Z	1.4 kB	2.3 kB	54.195.228.119
wellsfargobankna.demdex.net	10546	2017-02-13T10:09:43Z	2023-03-13T06:46:24Z	562 B	1.2 kB	54.171.68.161
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	67 kB	34.120.237.76
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	3.8 kB	7.7 kB	216.58.211.3
api.rlcdn.com	791	2018-09-26T07:12:06Z	2023-03-13T06:46:24Z	465 B	192 B	34.120.133.55
pdx-col.eum-appdynamics.com	4816	2018-10-26T09:20:40Z	2023-03-13T07:30:31Z	1.6 kB	36 kB	44.235.235.178
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.9 kB	172.64.155.188
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.33.119.27
www--wellsfargo--com--8n49329d48d6c.wsipv6.com	unknown	2022-08-14T23:45:45Z	2023-02-03T14:22:19Z	42 kB	694 kB	163.171.134.56
www17.wellsfargomedia.com	76964	2021-07-19T14:03:45Z	2023-03-13T06:46:23Z	14 kB	506 kB	104.110.27.78
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
tag-wellsfargo.nod-glb.nuance.com	25312	2018-12-12T21:59:35Z	2023-03-11T07:06:55Z	4.6 kB	16 kB	8.39.193.5
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	545 B	578 B	142.250.74.164
ocsp.dcocsp.cn	33518	2018-11-07T14:15:36Z	2023-03-13T06:54:43Z	338 B	945 B	79.133.176.230
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	2.4 kB	5.3 kB	93.184.220.29
rubicon.wellsfargo.com	11786	2019-12-17T21:15:25Z	2023-03-13T06:46:24Z	1.5 kB	3.0 kB	95.101.10.104
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	731 B	883 B	142.250.74.98
media-wellsfargo.nod-glb.nuance.com	28807	2018-12-21T18:46:00Z	2023-03-11T07:06:55Z	2.3 kB	398 kB	8.39.193.5
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.162.143.37
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	1.1 kB	550 B	142.250.74.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-02	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/target/offers/conversations	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/jsLog	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2023-02-03	medium	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed
2023-02-03	medium	wsipv6.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (45)

	URL	Size	First Seen	Last Seen
	static.wellsfargo.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4882 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	static.wellsfargo.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga_conversion_async.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4900 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js	28 kB	2023-03-08	2023-06-29
Pretty URL tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-06-29 15:24:08 Times Seen72 Hash fee3c44553151f3adad603f3fbf70081 91e1bf1b18c9b83fa36c17dd1567b85c653a0b12 2ca980db17561aeb7beece18426d664f0ab09675080cb9934f33c941c9bde5b8 Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273	532 kB	2023-03-10	2023-03-29
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 05:27:02 Last Seen2023-03-29 22:00:36 Times Seen46 Hash 55e7be3a505a9402ebd3164bf94c7316 d85ccdf4b799d0d72dfa8922cb0ab9be22c23d51 b54bffddea96813d8f31ae2bebc1990653283a9617a543d0c0b417f66c697f82 Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js	48 kB	2023-03-07	2023-05-21
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-05-21 08:37:02 Times Seen11 Hash adc6bafd6d346973c15f80f542fa008f ec1f94d5fe65f25d7119488ffc067446b7af82b9 7a17bf7ddc09f705c34b0bdefe2a12142ae1702bf904a731f48cd4652c1036eb Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	295 B	2023-03-07	2023-03-26
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-03-26 13:02:55 Times Seen9 Hash 8f551706a91b8a4740f176a6271a2a3e 768e0f59a50d81e388651e0efcd26659c7424231 655f7384728ebc88dcc672fe093d5fab1ed28f9ca1b5a6004ea9c74edbf5a912 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	49 B	2023-03-07	2023-03-29
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-03-29 21:35:42 Times Seen10 Hash 9dc010e7b56b2574c973fb4ad46b4666 ff941ff2ebba382c97eb9c6241ded33e76b3f8c3 606e34582ec278a9d1f5cff8c942e8e97ecbd117817fbdaa755f8a910dbbd0d8 Loading...

	static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js	23 kB	2023-03-07	2023-06-29
Pretty URL static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-06-29 15:24:08 Times Seen72 Hash f320653366aae1336b9a1c0547ea97b9 8c87c242b3bf13c2558679bd936123a5e6069da5 e02ff12dc676cc581ade44548d917c7df10e14c6a7b6373dbf1b67a7b352108a Loading...

	tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk	5.2 kB	2023-03-13	2023-03-13
Pretty URL tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:57:34 Last Seen2023-03-13 19:21:28 Times Seen1 Hash f10b5a392c98a08c99d3bcbb5999304e d562f16db3fcd54261939052ac4416f5a6a7e917 1d96851e2908ba02019127cec6f87c66bb9d3c0957d6918638e0a8bcb75fe52b Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js	181 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:05:09 Last Seen2023-03-13 17:41:46 Times Seen1 Hash c7d02da8f9b82ada285bb93f6222324a c0ef72f69a06ee94ddc172c6d134df9488be6784 c1752544908fe90093c232355e9cce8dd27510d5af505814445ad2caf967deb2 Loading...

	static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js	42 kB	2023-03-08	2023-03-13
Pretty URL static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-03-13 19:21:28 Times Seen1 Hash 4b567a90733070ba71971ee3e390d93f 53c1b3adcf6f237fcc01c86334353facbe5ccc35 525ee88b19f07036bf27010d9e625893322160c9166b5abc2a1f180909fd0355 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	538 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2023-03-13 19:24:38 Times Seen1 Hash 2527531002b85960239d82afa22c7acb 602fb4f7cec1213a27fca1773c78af27678475e4 58020c2639ef4df91190872d5dda8cb517fbdde491cb2fde718916b58f3b57d1 Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-03-23
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-23 06:17:56 Times Seen4751 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash 3c93cac2b27f349368cb0adaffc3728d 334de6950e5fbb27568486912347ec92f7395cef f51fab605c1930b410c084f98d3d71eeae65fe8a898ca7bd391a503cba6b48cb Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	64 B	2023-03-07	2023-03-29
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-03-29 21:35:42 Times Seen10 Hash e88d65752d67bb0e037e0ffa6f5a1aa4 b81fad1cfeaf6d8f814ce652e5005854568b8dcf 8372d98f256b905a0140ba0e9751f83959948a2e30ac17fa57909d3d0cfd87ed Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	281 B	2023-03-07	2023-06-29
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:07:02 Last Seen2023-06-29 15:24:07 Times Seen11 Hash 81e631308ffaca8191e65e8877751a22 21bfc3f12b2f47a693e17856fb4fe1030f2672eb 10a64199e3bf2264d6ac247b5c55f8f6332eefc3e42db9a7c2a5004a5dc37b01 Loading...

	connect.secure.wellsfargo.com/jenny/nd	55 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:51:21 Times Seen1 Hash 3051f6c409fb3065e7f03ef698f523fc 488ab2f721b53e6a05f6cfdc1dd6e174ddbbd985 d66e36efd638926e4ac850d9efdecb5e69a106f2894080b2b57a20dd153221a2 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 10:49:50 Times Seen36956791 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	167 B	2023-03-07	2023-03-29
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-03-29 21:35:42 Times Seen10 Hash 61a4caf53316d3210230c31c1883b3a3 2afb0e8b8d5f5501975e82f66d7ff35a9af4dad4 2715df517f54ac7a7e5d8ef102321aabfc88c1ee619cff4fcb5909a90aeb14cd Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	389 B	2023-03-09	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 20:53:41 Last Seen2023-03-13 19:21:28 Times Seen1 Hash e746b70c5b360869e1bd061f2cafc5a1 3dabecb606da71aa474a71479ac35c659277c607 32f05b5923c5af97665235b76b352949e2f39359dfff8087ae1a13de95b3ee2a Loading...

	connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.3851586290100275	272 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.3851586290100275 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash fcac64ba56a45131d8fb1885ce1e03c2 adb3480f5c578450e2464021f97599b1a0525609 f1c116153fb3e4b67bcdd2f58b3884a7392160ce33f2a125d4a00cc131b5ab1e Loading...

	static.wellsfargo.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-03-28
Pretty URL static.wellsfargo.com/tracking/ga/ec.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:50 Times Seen4661 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.016323468261771223	90 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.016323468261771223 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash 867cb7c1b3796cffa606dba19cd21700 92b19a69a38203fa090e22af2541bebc4a72db9d 802ddc9102408c95cf94e7840bb476db4d6611961045278ab82e6c4cd3fc5da1 Loading...

	tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273	21 kB	2023-03-07	2023-07-06
Pretty URL tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-07-06 01:44:31 Times Seen101 Hash ceff19d6f6c2b1a641348fe75922e31d 0f49f9408d2499018f89a9c651dbeb869120ae64 7455230adb5d30b14d3ce23c11e2937451ce1eecb55a592703bbcd2044711cea Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	32 kB	2023-03-07	2023-11-04
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-11-04 00:29:39 Times Seen29 Hash 162100f507af8b50f1406bf3fc405ce5 cf0a2bf9b914710962e0dd7899b93ba5ceb5134d e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	385 B	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash d2c31252e82a90bc7c510e2bd3b91b74 917525f74626b73f7a63c99e24bec123da3781bf d531bc7a6282d26991db9543042a1c7b52afdca1aa9729d88eac0ef0ad797e94 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AIDAXBeGAQAAOqG99eNxqAzqDfSvdecwKuWuQd39tW1IRZIi2dSu96CH3Nzq&X-G2Q3kxs3--z=q	263 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AIDAXBeGAQAAOqG99eNxqAzqDfSvdecwKuWuQd39tW1IRZIi2dSu96CH3Nzq&X-G2Q3kxs3--z=q IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:23 Last Seen2023-03-13 15:50:33 Times Seen1 Hash 42a297415c70b5566ca90d63e68e6696 b109a48493b49c68d4d70c669c43d6b1de28e86f 6481e869e1511568daae2acc76f850156c88df875d0dd3f5fa13d80788f56c5f Loading...

	static.wellsfargo.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL static.wellsfargo.com/tracking/gb/detector-dom.min.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	273 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash 8bac23202432b208438619e00347074b b31ceff31f1d92e89eb421f66abe11eb167896fd fd7cd814e6bb727802049bdcbf747401623df2cc0192989d57bfa5600bafb500 Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273	7.1 kB	2023-03-07	2024-03-28
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-03-28 17:44:18 Times Seen68 Hash 91a3833ccffbae0b31a6cca516216880 9284e1bb265d09e17e10407f280072b9d938bec5 182475449b1dc308c4d183fe50d348ab2f4e882aac99c0945762629c9fe65f9d Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1674015550273	448 kB	2023-03-13	2023-03-13
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1674015550273 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:57:34 Last Seen2023-03-13 19:21:28 Times Seen1 Hash 1789292f06b653cbd3de4b14061d04fc c59aff2ff7d13c29b6e30fd487a4db966f904f5d 1fdc21301ad224f64b50047230a017c6cde0aa5b5e17a59ab3da8042915b782a Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273	145 kB	2023-03-13	2023-03-13
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:57:35 Last Seen2023-03-13 19:21:28 Times Seen1 Hash a4411526dd79cc022057ac7ae2b447ad 872523c11e907c2241a4a0faa01dcb2e09c3af3f 587c3660ab03d4c4bcc418ccb456d93f0cf2d7237c8350a6bbee7c2a25559deb Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	56 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:40:03 Last Seen2023-03-13 21:00:17 Times Seen1 Hash 028a0ec60337d7d6a49c6baacaa801e6 cfd612e1bbeeda3696a9cc52503e13fa2ab72706 05ff4533e59b921ef2faff5383e4153068835d2cb0011300dec251779ef29883 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	695 B	2023-03-07	2023-03-26
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-03-26 13:09:33 Times Seen18 Hash 899837b2f1e8a81797ae37ad361488d3 0f4abcaeceb40790ea9341b6f43328a983e8428f ab4f57987919925eaadb2fa2eb5e82798300b1b7aaab2066b875f8cded107873 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	125 B	2023-03-08	2023-03-26
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-03-26 13:02:55 Times Seen9 Hash 668ad28e78f3c05f20604f4d567e10fd 8b5c217dc88f278a8f74f4b4a33b2426179798e5 2b324682fd8e2393e454b49853d695195f58ab1f35e61ecd69063699d47896b9 Loading...

	static.wellsfargo.com/tracking/hp/utag.js	206 kB	2023-03-13	2023-03-13
Pretty URL static.wellsfargo.com/tracking/hp/utag.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:28:05 Last Seen2023-03-13 22:20:55 Times Seen1 Hash efd2380ecf94446243bd3502483359fb c7cc23288e4d64e43a6e12b12a914eb7927e8e28 46a101f6a8cd0c3d3b1e9a30a9f3aafff13a9b47d6dae277a493cfe12fa0c844 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	70 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash 7ab866ab32352039c7ea72db843aa706 1bc3a1a435226ce14146e762336cead1220a25d1 bcb26c96e1b40a29009927c6c244f513158678dd87f5181caf00dbb3dc5af44e Loading...

	connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBPZnl0N1ZoOEdkaFBBV3RvMmlHZzVBbkxBMVlFZnBPTStJSHYrVUV0SGdhdkJtRzZsclFBa2tyRzNGOU1QL2tWTE4xWmgxeEprNTZ3UzNERWRWeTRleURndkxaNzhYb2JvblkrNEtZSXRkd0xYbUdnNmU0RTV6UVM4NUVnTmJQNTFCeWxxenhLYTdCeDBjaEZaM3RjcEdXOFc0dkJ2SG83d3NZVTczMkN1UlVpVG02RGhwVmJyWEV0VUxIQ0E5UjY4eU1FcnE2QzBHcFdBSGhmRDdwZkRiMERJY2xvRy93QThBWnUrajBSRHRIdi83MzRVUlAwWlpEWURCYmt3dnZTWThxTzRQcExuY2NEUUEvdHFaelVjZVlJSXNRSWdIOVM1RG5ITlBZcmF6eFlrYjhlbE9XWVVXTlAvNHVJdFVHbldjTmpVRXdPTVF2bkQ3VUhyYTFucWJHZmlHM0N4RmU3OVhtVm5pSGd0TFlQRjlFVEVFN3hVYUY0RnVWdmNuNnRYcjJ0MnZIbUtleDNhYzJ4THR4ODhsMG18OTY0OGI0MzRmMzMzYTYwMDQ2ZTMwZDI5ZmI2MGNiMzIxZDE0NDkyMzlmYjg4MzFiYzQzNDUyYmQ0MWYwZmU4ZGFhMzNlNWMxOTU3NzE3MTQyMGY1YjMzMDBiNTBiYWY0YjU5YjJiODAxMGNjMzM5M2RhMzIwNjIwZGUyMzVhMmJmYTAwOTQzN2E0NjNjMjkyOWIxNDBjN2IzZGFjMWQ0ZTA3YTU5NWU2NzU3MzhkMmIwYzAwNGIwNTFjNTllZmQ0NWFkNThhMWI3Mjk3MGFjOGNjZmQzM2ExNzM1NmFjMGMzMGQ0NWVhMDUxNDcwMTUwOWQ0NjQ4ODRmNDE2MjM2ZTBmNzVjNWY1OGJmMTc0MmFiMTA1ZmMwNWZhYWY3NDY0NWRkNWQzZTRmYjhmNDhiOWVkMjk0OWYyZDViODk1YzdjMzZkNjMxZTIxZmFmNDRiMDJiMzkxY2ExYTYwYzI2MzkxYmVmOTI0YzdjYTQzZTZiNGE5ZGEzYTI1NGVlMDU2M2JmNGIxMjg2YTE2NmExZmZkZTBhNDMzYTFkNDc0ZDQ1MzFkNjE0NmYwZTI2OTdlMjExMzk2ZTJiNGNlNzhmMDE1YjNjYzRkM2RmMTUyZDkyMWNhOWJmZjhkYjlhNTRiNjY5YWUwMWM0MzJhNDRhYTNhZTQ2ZmEwMTdjNmU2NGJ8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com&t=jsonp&c=vbgvtnherfpblzvo&eu=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F	90 B	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBPZnl0N1ZoOEdkaFBBV3RvMmlHZzVBbkxBMVlFZnBPTStJSHYrVUV0SGdhdkJtRzZsclFBa2tyRzNGOU1QL2tWTE4xWmgxeEprNTZ3UzNERWRWeTRleURndkxaNzhYb2JvblkrNEtZSXRkd0xYbUdnNmU0RTV6UVM4NUVnTmJQNTFCeWxxenhLYTdCeDBjaEZaM3RjcEdXOFc0dkJ2SG83d3NZVTczMkN1UlVpVG02RGhwVmJyWEV0VUxIQ0E5UjY4eU1FcnE2QzBHcFdBSGhmRDdwZkRiMERJY2xvRy93QThBWnUrajBSRHRIdi83MzRVUlAwWlpEWURCYmt3dnZTWThxTzRQcExuY2NEUUEvdHFaelVjZVlJSXNRSWdIOVM1RG5ITlBZcmF6eFlrYjhlbE9XWVVXTlAvNHVJdFVHbldjTmpVRXdPTVF2bkQ3VUhyYTFucWJHZmlHM0N4RmU3OVhtVm5pSGd0TFlQRjlFVEVFN3hVYUY0RnVWdmNuNnRYcjJ0MnZIbUtleDNhYzJ4THR4ODhsMG18OTY0OGI0MzRmMzMzYTYwMDQ2ZTMwZDI5ZmI2MGNiMzIxZDE0NDkyMzlmYjg4MzFiYzQzNDUyYmQ0MWYwZmU4ZGFhMzNlNWMxOTU3NzE3MTQyMGY1YjMzMDBiNTBiYWY0YjU5YjJiODAxMGNjMzM5M2RhMzIwNjIwZGUyMzVhMmJmYTAwOTQzN2E0NjNjMjkyOWIxNDBjN2IzZGFjMWQ0ZTA3YTU5NWU2NzU3MzhkMmIwYzAwNGIwNTFjNTllZmQ0NWFkNThhMWI3Mjk3MGFjOGNjZmQzM2ExNzM1NmFjMGMzMGQ0NWVhMDUxNDcwMTUwOWQ0NjQ4ODRmNDE2MjM2ZTBmNzVjNWY1OGJmMTc0MmFiMTA1ZmMwNWZhYWY3NDY0NWRkNWQzZTRmYjhmNDhiOWVkMjk0OWYyZDViODk1YzdjMzZkNjMxZTIxZmFmNDRiMDJiMzkxY2ExYTYwYzI2MzkxYmVmOTI0YzdjYTQzZTZiNGE5ZGEzYTI1NGVlMDU2M2JmNGIxMjg2YTE2NmExZmZkZTBhNDMzYTFkNDc0ZDQ1MzFkNjE0NmYwZTI2OTdlMjExMzk2ZTJiNGNlNzhmMDE1YjNjYzRkM2RmMTUyZDkyMWNhOWJmZjhkYjlhNTRiNjY5YWUwMWM0MzJhNDRhYTNhZTQ2ZmEwMTdjNmU2NGJ8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com&t=jsonp&c=vbgvtnherfpblzvo&eu=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:50:33 Last Seen2023-03-13 15:50:33 Times Seen1 Hash 6020f763e88dc0e72809824d6596402e 322069410b87e2fc33e2020c887aafd41b74bcbe 736d3e0ea4955efc79128a054a9729a070cbf94675f4505dbb59a9d4c32ed699 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	66 B	2023-03-08	2024-04-08
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2024-04-08 03:26:08 Times Seen35 Hash b679714ddcbf292ed8e3d66e056cfbb4 2b741ae2946b86af705a271c5e7231aa3630035b b970e0f8d8f44672e2998d0a366ebb0eee18ac1048a16db57906df6635377762 Loading...

	www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/	64 B	2023-03-07	2024-04-08
Pretty URL www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-08 03:26:08 Times Seen57 Hash 2a7270f6787f0239e01ea8dab902b4da 19e78f37d5519902983822ca8bc8d89e2ad334bf a9e82d70d13300dfc269e01d630de6a93d94dbdf3637c7e29cfa6594737e0797 Loading...

	static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js	149 kB	2023-03-08	2023-05-10
Pretty URL static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-05-10 14:57:32 Times Seen65 Hash 298ef372a1456ccb70ec28a8d34286d5 eb899110cd52492d73700e4f6a8a8b69de1f6c4a 6335202de7afbdb826ddbf8d91220ad146b8d98e4cf14e8d09ab24c3545fe713 Loading...

	static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-08	2023-09-21
Pretty URL static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:36:56 Last Seen2023-09-21 03:50:16 Times Seen11701 Hash 91c536ff4d2c8db1822702f866e60b08 3370d3721e28923f099da1985f718a88015975aa d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a Loading...

HTTP Transactions (154)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2807
Expires: Fri, 03 Feb 2023 14:09:11 GMT
Date: Fri, 03 Feb 2023 13:22:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13821
Expires: Fri, 03 Feb 2023 17:12:45 GMT
Date: Fri, 03 Feb 2023 13:22:24 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 12:36:10 GMT
content-type: application/json
age: 2774
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16188
Expires: Fri, 03 Feb 2023 17:52:12 GMT
Date: Fri, 03 Feb 2023 13:22:24 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: fHV88K7FKjlfg6ipTtyTz0WLecLcsUeGrVhZ2rPdOAFCyWi+FaGYmrsTZ4lIk7wX1SK+g+OkULI=
x-amz-request-id: BWF58KDZCTKA0KXT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 12:52:25 GMT
age: 1799
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 13:22:24 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

79.133.176.230

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
79.133.176.230:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
6e1d0982c3bc2881d8543151e8cf5721
e124faac2dd65c55e4262f8fbcbc7521907996d1
68da2915f4f501546c3bac3d0ef0eba083addd4d8fdaa4769a542869d0886a2c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 03 Feb 2023 12:58:27 GMT
Ali-Swift-Global-Savetime: 1675429107
Via: cache21.l2de2[0,0,200-0,H], cache2.l2de2[0,0], cache1.gb1[13,13,200-0,M], cache1.gb1[14,0]
Age: 1437
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 03 Feb 2023 13:22:24 GMT
X-Swift-CacheTime: 2163
Timing-Allow-Origin: *
EagleId: 4f85b09516754305443497649e

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 12:49:06 GMT
age: 1998
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13719
Expires: Fri, 03 Feb 2023 17:11:03 GMT
Date: Fri, 03 Feb 2023 13:22:24 GMT
Connection: keep-alive

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/

163.171.134.56

200 OK

17 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1566), with CRLF line terminators
Size
17 kB (17228 bytes)
Hash
6b0e7f5036d63daf1ca74f830352d935
6c612b2cf80f8de4f34ed849d713c44307cbec91
d6697485d35f1110340347108ee1fc77e7317d0b14c18c3ec836d1f32ce391dd

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /es/biz/ HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17228
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, no-store, max-age=0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-887deb4b-e995-4557-a1b4-6bc43f2a52a7' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 20360 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:fae6e9df-3ca7-4cef-9763-24339db9fbbd; Expires=Fri, 03-Feb-2023 13:22:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:fae6e9df-3ca7-4cef-9763-24339db9fbbd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 03-Feb-2023 13:22:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 03-Feb-2023 13:22:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:491115; Expires=Fri, 03-Feb-2023 13:22:54 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=D4DE85BE6B2024CB8A9BC1CBB112B986; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=ES; Domain=.wellsfargo.com; Expires=Sat, 03-Feb-2024 13:22:24 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230203052224886989156; domain=.wellsfargo.com; path=/; expires=31 Jan 2033 13:22:24 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; path=/; Httponly; Secure
WesdAksn=A3xEcReGAQAAotWGVkG60HC888t72c83pvBQfZXPFwy3b-9E12zABPE_vtWMAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|78d9030a4bf8ca0377f0580e39e73fc542c7e87c; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=cHlzej+trZk4euLjb%2fA9L3734PKxkrKkl37TKkDnhzs%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:24 GMT;Httponly; Secure
_abck=A0A156CC67DDC220D35A76A3044C2E80~-1~YAAQvWpkXxa0QsWFAQAAp0VxFwlRYRck4qDaFp90BgvnmhyRexEIb2t2eh5RUGOCoFdu0JoOVkydDE2tf0dn1lI96Fj+cMDe/7IqRsVszn2sH/9BbMnn9Le8oan/C0qgsFWQcTTJs0NBTRG1Bz/FxLlq0tCOzfmloZOQv7MLXPRmIsYMdhUm9NNl3qcy3XD+ck7b/LLu7HRmDwihn1VAhopqgEPo7gLS5kgse4T8F4apkdCqQinIQMXQwB8T3CKZiN5Ai75OoOQmSHZuBVTgFtKJQAeN/zPZYVGpaf6idCwQxdQMdzMGZmfk2cbeLdfgVMzjIYbn73c0nAyArq+atTWMhgsF51BlHQ4iBEN7MtyeYHIwUhmgEa7qDxlOY9ValQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:24 GMT; Max-Age=31536000; Secure
bm_sz=6E63BBAF7E206880DB74392DD3CCF87C~YAAQvWpkXxe0QsWFAQAAp0VxFxJQBJ0bX0Po2EEIx+H82ayC99Tk/PdPhevqVjJ9KtksyGam5Dkzl7xbzZZbNLdw87ddOvfBlxZyHfF9KYnQh86CeGdP9q8D2xf91xs49fw0Rs6FaZlslXOia9nH+EO+p89kkR7dmuPTMiTq7uFQTaIpYHcA6TFVXv4OB5ib+JwdPzTD+iIoOlDTm9r8UesfYCoT73HpYAbxZwanbCtrDgXtQg2tQnm3ogsQ/Yo8xn5wjsnXXUtxw6tpBsGf1WhNCOotC9V2rZstoln91wlKx5/fcDPL~3355704~4342839; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:24 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a90_VM-ARN-01cnE31_15583-40236

www17.wellsfargomedia.com/assets/es/images/rwd/wf_logo_220x23.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/es/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1710 bytes)
Hash
c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac

HTTP Headers

GET /assets/es/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c392e6-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1156067
expires: Thu, 16 Feb 2023 22:30:11 GMT
date: Fri, 03 Feb 2023 13:22:24 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24624 bytes)
Hash
73d5e0b0076f087b0878d8d90308b115
6af270bc7003c54dcff68b2b283c43799bc85abc
490dbbb001e913bcb03b5b1099174db6ff6ff1fe8396f2ab44e63c29899f1168

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61fc441a-17f0e"
last-modified: Thu, 14 Jul 2022 02:03:05 GMT
server: Akamai Image Manager
content-length: 24624
content-type: image/webp
cache-control: private, no-transform, max-age=1191819
expires: Fri, 17 Feb 2023 08:26:03 GMT
date: Fri, 03 Feb 2023 13:22:24 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7a47d89b5a5a0dfafc1c39b009df32ab
253bf6799cf2ca9ae34c639145f4d24c375ff52d
e0d668a5c7809779f6259271518f10c0c8c1d40dac230e18e638a89c4b1a7740

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1453
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:24 GMT
Last-Modified: Fri, 03 Feb 2023 12:58:11 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7a47d89b5a5a0dfafc1c39b009df32ab
253bf6799cf2ca9ae34c639145f4d24c375ff52d
e0d668a5c7809779f6259271518f10c0c8c1d40dac230e18e638a89c4b1a7740

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3034
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:24 GMT
Last-Modified: Fri, 03 Feb 2023 12:31:50 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7a47d89b5a5a0dfafc1c39b009df32ab
253bf6799cf2ca9ae34c639145f4d24c375ff52d
e0d668a5c7809779f6259271518f10c0c8c1d40dac230e18e638a89c4b1a7740

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3546
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:24 GMT
Last-Modified: Fri, 03 Feb 2023 12:23:18 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E

163.171.134.56

200 OK

73 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
data
Size
73 kB (72934 bytes)
Hash
c6dd15c3ee5a4bcd9d8e8a0c3d52fd41
ebba299bae409a0681ee4e00cc72c1458f73e049
ead22de7b5e9317ca777f867211c757f63e6efee96eab3baa6f9126e39a78659

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:24 GMT
Content-Type: application/javascript
Content-Length: 72934
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 18:21:50 GMT
ETag: "c065b170d98e55180d9d0ec22203687e78580f5a9c71964c6b1b97f01595bfe0"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MB2c9BIWec2riIFNQHARJg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=4D59077DC7E02D40531F9C5A223CCE52~-1~YAAQjGpkX5/5vMKFAQAAQkZxFwmgpq6S9o3p74Gqqwzf0Gk+nK45qwJbPx832JcOw6Wc7WexSmmJMRZQNYFd49oWT+moMqYRZvI+6QHQs8kUvA9lUJ/8Z1ZIxooWwoa9NnPL5DU1XKCn948ZqWfRwzRtLMs6PStveyrjInND9hBXoedpHgYmyLSFH9wyqRCaBkzk2FfWMa0l7vyMF/lwiBHGV5QEkFGsWMjK4IzJp+yeAJgnwVPBc7h0j82d7vjA9IEzroGuegDiSwYFzNUjOibP0FUO68Ww6/DL4EynaUv1VjfeWObyXPAYePlfU0ZHIcCcdH1kbzCTfnUgbWNBPrSKX9nKjb1Xn85aIde3cy9uRkRnzVDBotg6zn0rmcFXnw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:24 GMT; Max-Age=31536000; Secure
bm_sz=B8531E8AEF64CC4DA443427F0AB2D4DF~YAAQjGpkX6D5vMKFAQAAQkZxFxLJ8x6S/cxN8+EyXKE1I9Hijps0knadnUZp7x3awyU3RB4BRi0vNmYFAqNHDm18hIuMXBbtlqkohXINZ9c4qGsTzZMg4q0ecjx1zA079xGaZCtvzfRzXTWbW+S7JI+md4DDhSjhjkelVMitCo7zUgZ2GCkc+lNGClEse/wIcIuLOZ4T+ja/s8dB0sLwaDtn7a5msV7WXwaP5QvC7868fBPaZNv4jpuGDOhh4Q6ugPoTjWghGH7bpzoBAbghrSaPSM3xdLa18Kotnl3OjuYJNMAw7MlL~3355704~4342839; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:24 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a90_VM-ARN-01cnE31_15497-37610

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

95.101.10.152

200 OK

11 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (31790)
Size
11 kB (11076 bytes)
Hash
6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Fri, 03 Feb 2023 13:22:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=JLyN20URReYqawFXzdsMLg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js

95.101.10.152

200 OK

17 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (48287)
Size
17 kB (16778 bytes)
Hash
a75fd8e10b107df2ef26038f1783ac4e
b27d8fc62fd83f944d638b93140ec05bd050ded4
9baeb568dd185db9aeaefd009c3778e3fe04b59acfa6c04fe96bdf608c8f2299

HTTP Headers

GET /assets/js/wfui/container/wfui-container-top.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 13 Aug 2022 13:50:11 GMT
Vary: Accept-Encoding
ETag: W/"62f7ac13-bcef"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 16778
Date: Fri, 03 Feb 2023 13:22:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7v49mZop8h%2fL491ieKN%2fgA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/css/publicsite-ui/ps-global.css

163.171.134.56

200 OK

26 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/css/publicsite-ui/ps-global.css
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (26114 bytes)
Hash
2fa7fc2a6e81e8690f742b8c860787ca
bc1311f6f618fc318089767b6681ed007ba77625
5e4a87e0724000f577a071c64bb8dd65ef6823e675ff9cd9a146b2e8111f3682

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /ui/css/publicsite-ui/ps-global.css HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:24 GMT
Content-Type: text/css
Content-Length: 26114
Connection: keep-alive
Expires: Fri, 03 Feb 2023 06:31:07 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:42 GMT
ETag: "6398ae8e-32094"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VMdgflkfFRA2wp48:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a90_VM-ARN-01cnE31_15467-36975

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.134.56

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (31326), with NEL line terminators
Size
18 kB (17856 bytes)
Hash
3c62755a932398b8a5d7d8cde9413fb3
8e0c91ea864ec3f0ff9385d6ddc6eb2c0987f8d4
980ef0d6507b3822543dff672ffcb8f9a51930638d23f417daaea928695881ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:24 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17856
Connection: keep-alive
Expires: Fri, 03 Feb 2023 12:37:08 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-d8e9"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a90_VM-ARN-01cnE31_15569-59878

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js

163.171.134.56

200 OK

58 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size
58 kB (57869 bytes)
Hash
3856ea0ad1e7ec4cdc112a9b6c68d2c9
e4557e1e0b57d124df4057c40bd424828eace3dd
484415bb3a1847027c03ccccbb21812d33727d9b40b86b2cf6a7e07b9ffc11f1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /ui/javascript/publicsite-ui/ps-global.js HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57869
Connection: keep-alive
Expires: Fri, 03 Feb 2023 06:31:07 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:42 GMT
ETag: "6398ae8e-2c19a"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VMdgflkfFRA2wp48:6 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a90_VM-ARN-01cnE31_15447-42692

push.services.mozilla.com/

35.162.143.37

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.143.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +yqrRrn0Ks/v9YdafUQjvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vMVdBER30IJLu2lq21WmLudJTU8=

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.134.56

200 OK

4.3 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4282 bytes)
Hash
c1cf84a2fa2f2ee41e223643a6d72ed4
bf7ded709838df2cf4495aa627882413274a1a37
e03d86a95b16578712c719145c16b43c8d8a439a37cfac7ff33383e1396ba8a2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4282
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 03 Feb 2023 13:22:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A3RGcReGAQAAabhcxgNzIcYgAZF8Fz2V2Wou4TELqkL7V51V6Hme94Y11GJ7AaOrhiucuDv8wH8AAEB3AAAAAA|1|0|cafc9b4216688d73d15a01fec44dc9e73d10d3b7; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=maVKiFKOMIV2gWh0pnbNAkk0ZCrZ5jnjhwA8JfPTZoefPtiP6WBV2NeiQP20tpKV; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:24 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a90_VM-ARN-01cnE31_15583-40247

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=2732243
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10270797
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

200 OK

23 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10270801
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10113974
expires: Wed, 31 May 2023 14:48:39 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10270786
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E

163.171.134.56

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2790
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=F7P0rVM2d+2jBMpcL0NpUA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=F7P0rVM2d+2jBMpcL0NpUA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=FFC04208CFB83A36FD06112C0A3F546C~-1~YAAQjGpkX6L5vMKFAQAAgUdxFwlqpWZvCGc19piHBzUx+TjWyvGak+Bz2iPj5L5d1rkoYqtd7ZlR40XM25K1racmVMLw0it2/UiO+47RnSv9gJDYs1qDLR3cG1OT6hqnk3y3Cz4jKCIq4tIdfkmwA/HG0q0LVAcIU8FC66yDsNpLQBbq0Y6f89axFmYz4ePE8HZruTyHaJUrcfCEXWl1wl4rx27KBZuw+TQ2Dw+EhYPDwVf2MHsLaeSbNSbVE3nxLiSUVBcFmRw/8xGl9jp8NxRKhJ3E1Iyie0oz4ipHWJ81M53NYz5x3caOrsHGrvVwWF5M3ki/0MeMgfU5/0RC67tXcIfqqpAL7zMzWyhIC1F/Sw3Q+eC/ALX4zW/o/lW1ZA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:25 GMT; Max-Age=31536000; Secure
bm_sz=A919CE07CE916C53C87E13F786051730~YAAQjGpkX6P5vMKFAQAAgUdxFxL3A1+Nltdg6kj9HG4QtjjOTmXHcAAeGLC8RBQLTobHQz5QstwbJBN1dHGpoItdYm+H4zylhrXKmGlJriNS8r+7Ld1DauHqJQLHnWmlTd/LPtb2G67dtOx5FNqWD1f59socE9Y4H5AWo5XEWxwr7dqbNdZEqdVuP+71x0wO7MAflu9odyo5kHACnrW0Ce+n1KkzCvzeZYj2ZVYFjsqPbKHjI/BIkAZI58HMiedi1ui2teuY4Wodg8CWs2DEoNmWnhRkEEK9O7pVgNYZNeim4Hptdyik~4405043~4536645; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:25 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a91_VM-ARN-01cnE31_15583-40252

static.wellsfargo.com/tracking/hp/utag.js

95.101.10.152

200 OK

55 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/hp/utag.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (15181)
Size
55 kB (54818 bytes)
Hash
3696ebaee8a4dce7a09695dd80b3aef8
0dabf76fc893ffa3d29ba90d81cc03708b798431
0987f794748b29c49ec899c0d7599f225ce1252f243ab35d168a8d853b1aceae

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 07:23:58 GMT
Vary: Accept-Encoding
ETag: W/"63cf878e-322c5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54818
Date: Fri, 03 Feb 2023 13:22:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=HJbddBVpINae04eBiUTx2g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&cb=1675430544608&event=PageLoad&pid=tcm:703-225258-64&ptid=tcm:703-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fes%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|703-6793-16~91-223645-32|283-192509-16~91-223645-32|283-148263-16~91-223645-32|283-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|283-226516-16~91-223647-32|283-244189-16~91-236597-32|283-226480-16~91-226306-32|283-224785-16~91-223660-32|283-235016-16~91-223671-32|283-238621-16~91-228642-32|283-226262-16~91-223669-32|283-225008-16~91-223650-32|283-247102-16~91-244420-32|283-225025-16~91-223650-32|283-225026-16~91-223650-32|283-225027-16~91-223673-32|283-226514-16~91-223668-32|283-226635-16~91-223675-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&cb=1675430544608&event=PageLoad&pid=tcm:703-225258-64&ptid=tcm:703-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fes%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|703-6793-16~91-223645-32|283-192509-16~91-223645-32|283-148263-16~91-223645-32|283-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|283-226516-16~91-223647-32|283-244189-16~91-236597-32|283-226480-16~91-226306-32|283-224785-16~91-223660-32|283-235016-16~91-223671-32|283-238621-16~91-228642-32|283-226262-16~91-223669-32|283-225008-16~91-223650-32|283-247102-16~91-244420-32|283-225025-16~91-223650-32|283-225026-16~91-223650-32|283-225027-16~91-223673-32|283-226514-16~91-223668-32|283-226635-16~91-223675-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&cb=1675430544608&event=PageLoad&pid=tcm:703-225258-64&ptid=tcm:703-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fes%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|703-6793-16~91-223645-32|283-192509-16~91-223645-32|283-148263-16~91-223645-32|283-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|283-226516-16~91-223647-32|283-244189-16~91-236597-32|283-226480-16~91-226306-32|283-224785-16~91-223660-32|283-235016-16~91-223671-32|283-238621-16~91-228642-32|283-226262-16~91-223669-32|283-225008-16~91-223650-32|283-247102-16~91-244420-32|283-225025-16~91-223650-32|283-225026-16~91-223650-32|283-225027-16~91-223673-32|283-226514-16~91-223668-32|283-226635-16~91-223675-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:25 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=tdoEaf6Qh8gZe3DJmOnbDKKkmEWZUcSz3CaM21zPyRtyvqE4lTd40NnMNKeBVm9O; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a91_VM-ARN-01cnE31_15497-37612

static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js

95.101.10.152

200 OK

13 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (41881)
Size
13 kB (13370 bytes)
Hash
346912f774e106a5ea6f78459c661c4a
71d774577bd02f71c5def49535f88a92bd1b7088
8e7d64f1048594472f76fc1b6796a2b8fe847953a2e5b15636f3862e629ff27b

HTTP Headers

GET /assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Nov 2022 04:37:54 GMT
Vary: Accept-Encoding
ETag: W/"636b2ea2-a3cb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 13370
Date: Fri, 03 Feb 2023 13:22:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=KIbMjG1B6yPC7f0cR1SW5Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-c2c-button.css

95.101.10.152

200 OK

2.7 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-c2c-button.css
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
2.7 kB (2671 bytes)
Hash
5257c2e188d24ddc00cc92573e5f2cfb
3526eb21d812e9ebfcb3514cc2ff9ad53abe442e
ae7a3a2c2db5a1dc74814e5001e439aeeae648e3b31cdb7474856dc52ea0b223

HTTP Headers

GET /assets/js/wfui/ndep/css/nuance-c2c-button.css HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 14 Jul 2021 10:08:23 GMT
Vary: Accept-Encoding
ETag: W/"60eeb797-2bb3"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2671
Date: Fri, 03 Feb 2023 13:22:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9wuF4CB1+m49io1Hg+o8ww%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-chat.css

95.101.10.152

200 OK

505 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-chat.css
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF, LF line terminators
Size
505 B (505 bytes)
Hash
e2966fedd68930d5281a2ed6ea61c0d3
1ede5572cf49f251c212abdbd6f2df4bb48de1fe
c2ef5abb39d304068b5476114ebc952a97c091ea59348c8ba3adeadc715976ad

HTTP Headers

GET /assets/js/wfui/ndep/css/nuance-chat.css HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 17 Nov 2020 14:00:34 GMT
Vary: Accept-Encoding
ETag: W/"5fb3d782-52b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 505
Date: Fri, 03 Feb 2023 13:22:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=m5aquETxfStQxqlMaxTGRw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js

95.101.10.152

200 OK

35 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (306), with CRLF line terminators
Size
35 kB (35227 bytes)
Hash
6b6e25186e12dddab5cfc7e3eaf88138
b10a74c86e7fa78e2c8a7b3797bcfaf7ccc717e7
c626e63ae020f2dff5a3dd67681ef69d4fb334218d325321dabfa5e206586602

HTTP Headers

GET /assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Nov 2022 04:37:55 GMT
Vary: Accept-Encoding
ETag: W/"636b2ea3-24709"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 35227
Date: Fri, 03 Feb 2023 13:22:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vwdPKA3fmZMCK5rCcg5gNw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js

95.101.10.152

200 OK

5.6 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (928), with CRLF line terminators
Size
5.6 kB (5649 bytes)
Hash
00e6f77045d9c92840a490cfcdc9ff6a
22f273b66fe0c5d43cf747fb9868b0904d5ee4b8
4d144f941f05ff42f2a818328b7524c6d3f2b6efc1fe93a09794af14ad262f6c

HTTP Headers

GET /assets/js/wfui/ndep/js/nuan-c2c.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 16 Mar 2022 05:41:26 GMT
Vary: Accept-Encoding
ETag: W/"62317886-590b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 5649
Date: Fri, 03 Feb 2023 13:22:25 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=p%2f3GQotQc77NWG0Kjng2lQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/target/offers/conversations

163.171.134.56

200 OK

663 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/target/offers/conversations
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (1236), with no line terminators
Size
663 B (663 bytes)
Hash
b7b77ce014d931c44e28a7d569fccfbe
4c802b16b1f7c9c139828c94015af36de1e7b8e5
821b3b1a03b39aead8b5af8a922df89ca7e94f9795312497f205060fd2cf11f8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /as/target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 103
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 663
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-0b345613-5e54-4200-ac32-7b5bcf8ecf81' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:34|g:d988e0b3-60f9-42d3-bfb3-ca66b1f258e7; Expires=Fri, 03-Feb-2023 13:22:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:d988e0b3-60f9-42d3-bfb3-ca66b1f258e7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 03-Feb-2023 13:22:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 03-Feb-2023 13:22:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917; Expires=Fri, 03-Feb-2023 13:22:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917|e:52; Expires=Fri, 03-Feb-2023 13:22:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=3C6F6505A55ED13879164446536F7F4B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 03-Feb-2024 13:22:25 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302030522251609323277; domain=.wellsfargo.com; path=/; expires=31 Jan 2033 13:22:25 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=2v+cYkQi9Fa67b587afvUXfHlvphwooSjXPSCx+wMK0mkgmBhB8aLwU14kCC1UBd; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:25 GMT;Httponly; Secure
_abck=A395A06E646702CE9E0B15186111CDC3~-1~YAAQjGpkX6T5vMKFAQAAoUhxFwnmOwjen7fy2wRnrqcA45qrQNcpsseGFksoGkjYe0qCuCk3tcYkRHbLhNOnRJqyjtRGoqAL4Wm8S6RNeDl2OGmqoEGIvQIKHsFxslqiggNL8+qp21KH9QXr8D5o5rphtGybeIj4ILEBVrwdRN93bDAw5zQOImLfn7v8i2orQEghwQVqtpdGJCktaVqV3edpnFjxeMZyt3GdjYF/2I6E3eOYyLaPCuqmzuOj5w6EGamn7MmUunsbOK+yP4IkJ5xFWBwByVanLbp3lwN4qTduEZ2rrhwcgbDrdDUu6f3gkpJ1jD4Vlj9S70Rnz6iAqa2iLqy7JeWT8izoW6IJSW0clFPjEBtaQVC4lH3RKChTnQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:25 GMT; Max-Age=31536000; Secure
bm_sz=69638EC26689480FE0244D6956FF98C8~YAAQjGpkX6X5vMKFAQAAoUhxFxLlvXt4UYTImforyq14ouX3wN/1/peqVr3ysrEtLPZ/KIBWYKKApo9uyhT45JAGKtuJU76aK5dPfdD6gVFPPrOKqeFCjWlQEX5aCGRryi/Zh2Ihbvj4P3cRbkpO9Iqo8ELcrq3O7kPPS+SxH1M54M8+b7SKCELsYNiT+H/URf2pvLuUoBa2fkoWblY/21TDVpjKoEW3Nq4n2N2A2lQtOl1CK+guvhI99QkVlUWzrZYjYsPcNoZ0MtpjSlq51zlDw9pb/HYryAEDM6fHZHBzqnD8z10q~4405043~4536645; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:25 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a91_VM-ARN-01cnE31_15569-59880

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/credit_1700x700.jpg

104.110.27.78

200 OK

21 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/credit_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
21 kB (20866 bytes)
Hash
88268efbf4efb0c2770520ac85649b7f
c56ae061d7c0e1e0c5c265e46a5a64a4c96f82d9
46a9cb09ecd93735beb4f66e131776139e7cf6eb8837af3f53e392d344d652e4

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/credit_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63331202-1448b"
last-modified: Tue, 11 Oct 2022 21:11:03 GMT
server: Akamai Image Manager
content-length: 20866
content-type: image/webp
cache-control: private, no-transform, max-age=2015585
expires: Sun, 26 Feb 2023 21:15:30 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1652 bytes)
Hash
7d5653912e62290c532bc8739c69731e
c48cd970eaa966f211e760a0fb19eda8fc6f4a8d
f7a7b6bbb8e06125faa2e4d2199f44d59c89cf361d3334f1db281d7e827602fe

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c275a2-957"
last-modified: Thu, 14 Jul 2022 02:03:02 GMT
server: Akamai Image Manager
content-length: 1652
content-type: image/webp
cache-control: private, no-transform, max-age=1104684
expires: Thu, 16 Feb 2023 08:13:49 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2330 bytes)
Hash
cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1101499
expires: Thu, 16 Feb 2023 07:20:44 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2340 bytes)
Hash
2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1018421
expires: Wed, 15 Feb 2023 08:16:06 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.110.27.78

200 OK

2.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2092 bytes)
Hash
bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1132832
expires: Thu, 16 Feb 2023 16:02:57 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-4-bg-gradient.png

104.110.27.78

200 OK

2.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-4-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2594 bytes)
Hash
1626a2f9535a10e8d076cab3de0df78f
4c2c4d82a3d4b49457a8a17a345c07c9617202fd
3fbf3b0d590832220370ac5dd608fa737315363f163967c6671d228bd3161084

HTTP Headers

GET /assets/images/homepage/position-4-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-ea13"
last-modified: Thu, 14 Jul 2022 02:02:46 GMT
server: Akamai Image Manager
x-serial: 1250
x-check-cacheable: YES
content-length: 2594
content-type: image/webp
cache-control: private, no-transform, max-age=1196148
expires: Fri, 17 Feb 2023 09:38:13 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AIDAXBeGAQAAOqG99eNxqAzqDfSvdecwKuWuQd39tW1IRZIi2dSu96CH3Nzq&X-G2Q3kxs3--z=q

163.171.134.56

200 OK

148 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AIDAXBeGAQAAOqG99eNxqAzqDfSvdecwKuWuQd39tW1IRZIi2dSu96CH3Nzq&X-G2Q3kxs3--z=q
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
148 kB (147907 bytes)
Hash
c6a68365cffc02a05dc5ce8c63b30d8f
30fdedbfd22ea9e85fdce34b2e2f4542134a867f
fc67a3f52da087372340d583c883b2480026b71002da32d1b8563caa78d2c28d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AIDAXBeGAQAAOqG99eNxqAzqDfSvdecwKuWuQd39tW1IRZIi2dSu96CH3Nzq&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 03 Feb 2023 13:22:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A1xHcReGAQAA_12pG0RldrHaAKHZguEUFByP2ipvWWJHquERSajzof_WxYaqAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|9b843d0ede9c93aa2c6eb4435be3a7fc40986465; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=6C8HPNZ5kCjGIUgjGdlaXQHIPMWAvLW6QGDZMKy57AM%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a91_VM-ARN-01cnE31_15447-42695

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E

163.171.134.56

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3276
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:1$_ss:1$_st:1675432376369$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Lyw+mAAeB5ftMPDZaoXNHw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=Lyw+mAAeB5ftMPDZaoXNHw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=CB1F4061CFAED6E5AD808F1158932883~-1~YAAQjGpkX6b5vMKFAQAAuElxFwkSpKWNIXfu6l9R4aGWVhltUBuMusigKRXffEepBvAwtdYkYti3NDDoqkr4Epcx/856y/R6ZOiFBayTDDB5x7Q9VoOf5w11wfSdTBT5h8kkuSCPdTgYiPpDlxv9QnYZwvc2AyIBKF94Gn+NPhlg+H+ZY7pogwqoSDHuo8XZdBgTVPAqCdTpHbhShFbYkhkiBaNAZXdGasBK/EOda/gyGn7CwaAqJaoF/k/zp04Ht/1MXCcjOlt4vP0VQFKqS0kaVgF1foLvC5TWJLQctPMCCRB+cosGdZ/HINf2RDdDGmoVpIY7SCK8jTTJlh8gT/GolerJA61nuYg/uBTCz5XePw4oquinYEEwpPKVJfbdHw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:25 GMT; Max-Age=31536000; Secure
bm_sz=4C0C018C2592721D828A7E04101C8049~YAAQjGpkX6f5vMKFAQAAuElxFxLhTMd/vMzuPxQ+jFp5OomWmQaHnmR6DIv5DCFIr4eZ6ez7ZzUb62grX5nXh2DzSHZYCmunwpkaezkfRapnxrkFC2oh3Rrk9ZsYY3pEo6ya5Qj7JPa5apP7oMsTQGvnsqybXROuTd025eRjcWak3jjcxElQ/uq7nHLGgNgaA33xGVn9/3STgRClQhUIB5pM3YmOybSb+JpNgO8djI7DfysgQuqqJzqitrn2NrMntitCunuu1EhF5PeKK7RuM/2lltV7Bi5DJHquH1o892eSETEdWlb/~4405043~4536645; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:25 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a91_VM-ARN-01cnE31_15447-42705

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.134.56

200 OK

306 kB

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65356)
Size
306 kB (305866 bytes)
Hash
0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:25 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 03 Feb 2023 13:22:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=4uG+gfuT0Cmw5imlziiHSDZ0exPLmpUmXaO5zkRrgz4HV%2f7+5ZJiVBDBM2tDX46l; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a91_VM-ARN-01cnE31_15467-36980

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

200 OK

9.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=12385
expires: Fri, 03 Feb 2023 16:48:50 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.0 kB (1012 bytes)
Hash
4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1098172
expires: Thu, 16 Feb 2023 06:25:17 GMT
date: Fri, 03 Feb 2023 13:22:25 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14183
Expires: Fri, 03 Feb 2023 17:18:49 GMT
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14183
Expires: Fri, 03 Feb 2023 17:18:49 GMT
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14183
Expires: Fri, 03 Feb 2023 17:18:49 GMT
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14183
Expires: Fri, 03 Feb 2023 17:18:49 GMT
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14183
Expires: Fri, 03 Feb 2023 17:18:49 GMT
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10796 bytes)
Hash
3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUJO-Pt9Hi1ndrCQQT1nNCGT7oDOYBpA8-EawHanESoZAsZv32dQdg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 00:25:04 GMT
age: 46642
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5641 bytes)
Hash
d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:28:50 GMT
age: 53616
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8211 bytes)
Hash
114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 2df5779a-a808-46ec-9246-1a9b9bddd9e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmKLVHwroAMF72Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bd7b-3cfe97e07d17958836425784;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZZXEXszbtmGh7kLfhabCGd41rZRnSmQvdcySUQRTDtJRBqZVUK3LaQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 07:19:27 GMT
age: 21779
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 04:53:21 GMT
age: 30545
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10166 bytes)
Hash
2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G0R-0w9HtLB5OXb-w-RyR9QCnrddkS29FqF_GeAQa1CRWkqaUJwQoA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:27:53 GMT
age: 53673
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14071 bytes)
Hash
9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aTs6L8dJENFRdtBn7ggAbY5yaYRAzSY2B0bmElV4YNPrJg-KRDAyNA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:46:56 GMT
age: 56130
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png

104.110.27.78

200 OK

1.4 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.4 kB (1436 bytes)
Hash
0880265bd118920fd1ca18eabb29c528
49602ee1485b1f4055635d42c568546e13aa8c90
37dd0a3404af3c62777281c147d144378dd6809620e531e58a17423abc057c38

HTTP Headers

GET /assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6335f9d5-1a8f"
last-modified: Mon, 03 Oct 2022 02:02:07 GMT
server: Akamai Image Manager
x-serial: 1888
x-check-cacheable: YES
content-length: 1436
content-type: image/webp
cache-control: private, no-transform, max-age=941549
expires: Tue, 14 Feb 2023 10:54:55 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png

104.110.27.78

200 OK

1.4 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.4 kB (1350 bytes)
Hash
cc3d77556283919af04e0641e3e37250
1e96a649e7cb434597082cc204b050127e36e8f8
21c8d2fc781f13fb45ae4208b353c983d49d41c3505e94e29b5c1d5c31e19c68

HTTP Headers

GET /assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6335f9d8-1bfd"
last-modified: Sun, 18 Dec 2022 17:40:21 GMT
server: Akamai Image Manager
x-serial: 1005
x-check-cacheable: YES
content-length: 1350
content-type: image/webp
cache-control: private, no-transform, max-age=845297
expires: Mon, 13 Feb 2023 08:10:43 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png

104.110.27.78

200 OK

2.5 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2520 bytes)
Hash
01695377e69f7063e1550746495c81f5
609ec8ee8dd28f128f0477b6147817750c9b341e
5c9d48467771247548445209a10047ced732d2da276c072f4c6c5a483405c944

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c275a2-103b"
last-modified: Thu, 14 Jul 2022 02:03:01 GMT
server: Akamai Image Manager
content-length: 2520
content-type: image/webp
cache-control: private, no-transform, max-age=1255730
expires: Sat, 18 Feb 2023 02:11:16 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png

104.110.27.78

200 OK

1.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.6 kB (1648 bytes)
Hash
b6865ccc7a6df08112ed1669824be71c
1a51df486fd125ee8a966115a1373e4b34e49c11
f33f804c40891284e0c3afcd509b199e56f3a2821fcc2f83f60aa66cf60ba305

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c275a2-9d0"
last-modified: Thu, 14 Jul 2022 02:03:02 GMT
server: Akamai Image Manager
content-length: 1648
content-type: image/webp
cache-control: private, no-transform, max-age=1221150
expires: Fri, 17 Feb 2023 16:34:56 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png

104.110.27.78

200 OK

1.9 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.9 kB (1930 bytes)
Hash
2fd7f8c24576c73072097bf2e6259185
0fbda4c7e3b800aec15fea0539ad703ae61d6046
144529be2df1a6a4bbcbd82b300cd99b256fea8a768d3488f8080f4c0a908260

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c275a2-bde"
last-modified: Thu, 14 Jul 2022 02:03:01 GMT
server: Akamai Image Manager
content-length: 1930
content-type: image/webp
cache-control: private, no-transform, max-age=840187
expires: Mon, 13 Feb 2023 06:45:33 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg

104.110.27.78

200 OK

35 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (34606 bytes)
Hash
539b8a50b31186a56fc5f1ab1297ea78
575c94d22bac962bf0417f00c9539f28ad6296f0
bdb5cb84e084b4f210b9d4d961ed3c47d650e48d5010d6eeeba0a06338ca5988

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c4837f-1857e"
last-modified: Thu, 14 Jul 2022 02:03:06 GMT
server: Akamai Image Manager
x-serial: 322
x-check-cacheable: YES
content-length: 34606
content-type: image/webp
cache-control: private, no-transform, max-age=1223849
expires: Fri, 17 Feb 2023 17:19:55 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg

104.110.27.78

200 OK

33 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
33 kB (33186 bytes)
Hash
65a51929096fa18d4bb06f2a29891a75
d34df0eb676d584af89dfc2b6e022b4910b90cc0
d67a289220cf94e6d81eefe14a1a911aeeff5010229d78c409fe55761f2d8108

HTTP Headers

GET /assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189aa-d24b"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 33186
content-type: image/webp
cache-control: private, no-transform, max-age=1123649
expires: Thu, 16 Feb 2023 13:29:55 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E

163.171.134.56

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /4nZCCLdKTe/qWe_/p53y-w/wO5mfJtz/XltxfHBKBA/VC/ZFVR1TU0E HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3023
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:1$_ss:1$_st:1675432376369$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Fri, 03 Feb 2023 13:22:26 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3Qah4RqFZtEZWOxM%2fPFE8w%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=3Qah4RqFZtEZWOxM%2fPFE8w%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=5FB8699E64F61C3E8A02C7BF2126D7F3~-1~YAAQjGpkX6v5vMKFAQAA+0txFwnOEZqzzzfAHDr7GoPe97e/EuwYCYRUmfgbOE6UG7wQNNkPc2Xt2O9R14Q2YVwy08HA6fcAXv1GLelkMRBRt1sFoipdYsg14/t2D0YWknX1MDRS9KD30fPR2Yn7Rg933PHxwKFhaypMuXk4OVaTibSglvFf1jZ+fOT/2NGWKxkk8iEkb9Qn3cCmy/TgQGZI4JnYvIdauqR//XkKdma8jMyymTLYoRu7KjmpnbKTqdnkRzTjOuVCkVHBkaxuduN3J76GaP+JkYSQ9NNuP6h78PI6sQ285Pt8luf5QRK95oAxTURHNnyXbh1umoYrK+mqvh/DFUG7+1qaJ9lumbJJiWDT93AIp25TlRGySF7ExQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:26 GMT; Max-Age=31536000; Secure
bm_sz=5A6FC43663A047F64451DDD63FA87359~YAAQjGpkX6z5vMKFAQAA+0txFxKhA0aTV2jvYaGtZacFkepxyYKggTaCyuyak8jMBOGxt7QJrd9jWgObWlAHeAyhlueoSRJfddImz6YSzwM8JX7jC2D3aWI0hGEjNwc2ZkGndR+JbPvVK0OWRLKVgNq/YbccNWV86boH4wH69aAXKop+CwVSs3UiiIJh33QsdjCNOEJmg72XvRYDT9mcw5ifL6+KZzSMZfw4jAUHXSxSy5cNrkMewGbOwrhEst/PCu1+4muzKtMj4A96DwEtuIUExRTK+D+okPirXyku0Df1MTyLRoSn~4274500~4601153; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:26 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a92_VM-ARN-01cnE31_15467-36996

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg

104.110.27.78

200 OK

55 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
55 kB (54586 bytes)
Hash
a974c3d7e7eec33c0b3a6a51bc5dda5b
e3c5e2e739d51f334183573016c9e00de421bed5
ca43102cb524defb85fcf58b1236f271a8c02303e3e4e1df6351273867576cce

HTTP Headers

GET /assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189aa-11d15"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 54586
content-type: image/webp
cache-control: private, no-transform, max-age=1245320
expires: Fri, 17 Feb 2023 23:17:46 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Navtive_App_Phone_Personal.png

104.110.27.78

200 OK

15 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Navtive_App_Phone_Personal.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
15 kB (15388 bytes)
Hash
42f3bed043f7a3b4c585c74b98e35499
16d8482ca3e416cb9203f15bd0c0faa82e622327
ecfea4fcc40f95576acdf90df879a5bed9a1c481a69c127d940c616e5332cc98

HTTP Headers

GET /assets/images/rwd/Navtive_App_Phone_Personal.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a934dd-41c5b"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 15388
content-type: image/webp
cache-control: private, no-transform, max-age=1134611
expires: Thu, 16 Feb 2023 16:32:37 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg

104.110.27.78

200 OK

26 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25792 bytes)
Hash
e004488f9fb67721f39390f524ad5c78
24a7cf417462d429cc72dc5ea55873c4cdeef796
1b422aeb872e1f5c9a0c4ea9db41f1022d6c38a83d7e5e806d1ca6741ab3be6a

HTTP Headers

GET /assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a9-b2b6"
last-modified: Thu, 14 Jul 2022 02:02:38 GMT
server: Akamai Image Manager
content-length: 25792
content-type: image/webp
cache-control: private, no-transform, max-age=1152519
expires: Thu, 16 Feb 2023 21:31:05 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg

104.110.27.78

200 OK

26 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25762 bytes)
Hash
ce943ec0868d0b5769548025730ebb06
31d26f01d9a1e62d683b1165bec3d6e5b5310093
be1ec3a15be24dbd2904218e9def59d04b54bdca02738ee718a55823572f179a

HTTP Headers

GET /assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a8-c00f"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 25762
content-type: image/webp
cache-control: private, no-transform, max-age=1254361
expires: Sat, 18 Feb 2023 01:48:27 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg

104.110.27.78

200 OK

33 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Size
33 kB (32871 bytes)
Hash
816d65c2758ff533fa6e21801daeb1e6
08e4d8044b39ddbef43651cb29b371c450e651c1
72137441f0a479553ec1c095ac9f20ae25a6a1a631f910415ea2e18eb367f2bd

HTTP Headers

GET /assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189aa-a3e7"
last-modified: Thu, 14 Jul 2022 02:02:38 GMT
server: Akamai Image Manager
x-serial: 510
x-check-cacheable: YES
content-length: 32871
content-type: image/jpeg
cache-control: private, no-transform, max-age=851185
expires: Mon, 13 Feb 2023 09:48:51 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (25094 bytes)
Hash
11d5c849b66051138628a9cbe63132fd
7b30e03cf2ba108867c248ecdc8207bd6a4bb80c
ba5375591bbba655a050fea8fb3c9dfa7561d09a102c7b4a987999cc7b4ddb0d

HTTP Headers

GET /assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a9-d12c"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 25094
content-type: image/webp
cache-control: private, no-transform, max-age=1129525
expires: Thu, 16 Feb 2023 15:07:51 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg

104.110.27.78

200 OK

34 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
34 kB (33632 bytes)
Hash
58ede609c8abd3ba38aa9d0e8de3298e
b2236e0ac30a78ef74c1db03a331f2cdc78dbf34
8e7880330ef42f2dd950fea1001a6124574a5a03afc384b88a2b744b9875fbb5

HTTP Headers

GET /assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a8-e4dd"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 33632
content-type: image/webp
cache-control: private, no-transform, max-age=1094078
expires: Thu, 16 Feb 2023 05:17:04 GMT
date: Fri, 03 Feb 2023 13:22:26 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SKyjufvLpL2XRhR4kyTylQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/gb/detector-dom.min.js

95.101.10.152

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Blr9qhUpY4sqK5Sl0E%2fk2w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8e4b7b47ed75e9e975adc9fc304e3219
0b4f8dacc8685161103a352dd4221f69aa111626
852df028f28349db72a347eb3627f3f102c4e4dd6418cbdba6b94e44092ab43f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5343
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:26 GMT
Last-Modified: Fri, 03 Feb 2023 11:53:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8a41a6e5225635ecc02de9eabd9a472b
585d12a70f821899fdfad9c09cc87fc46cac9ea0
997fff4ada3bc79630777b4f847861230bb5ae6c58627220d8ef2c693bb92cbf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 13:42:56 GMT
Expires: Wed, 08 Feb 2023 13:42:55 GMT
Etag: "585d12a70f821899fdfad9c09cc87fc46cac9ea0"
Cache-Control: max-age=432628,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793b79b41dcab51d-OSL

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1675430577420

54.195.228.119

200 OK

320 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1675430577420
IP
54.195.228.119:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
320 B (320 bytes)
Hash
5c3ae11325bff3c547a30a334906f183
e1d73377330d5ab9f26170dc3ba9de7419916893
29fe3f13d080ed899321612578756388158db7eb28b146317c97e580c3ea99b3

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1675430577420 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=08013724987510789583854292564102424643; Max-Age=15552000; Expires=Wed, 02 Aug 2023 13:22:26 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: QTwa1ldhSOs=
Content-Length: 320
Connection: keep-alive

api.rlcdn.com/api/identity/idl?pid=1317

34.120.133.55

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
api.rlcdn.com/api/identity/idl?pid=1317
IP
34.120.133.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Fri, 03 Feb 2023 13:22:26 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=07977065565064540773850642839419703888&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230203052224886989156%011&ts=1675430577730

54.195.228.119

200 OK

321 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=07977065565064540773850642839419703888&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230203052224886989156%011&ts=1675430577730
IP
54.195.228.119:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
321 B (321 bytes)
Hash
ce1e20b719af75c159d847218de87cc8
24aca74341211a1d811285163b569e368b9c655d
26740e0f844463fe677cf67701c7dc6a16b717feb2094685d49eea721ccdd6a7

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=07977065565064540773850642839419703888&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230203052224886989156%011&ts=1675430577730 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0fb9f79b9.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=74997857259785585073984283864614325719; Max-Age=15552000; Expires=Wed, 02 Aug 2023 13:22:26 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: V+ytLYm1Qrg=
Content-Length: 321
Connection: keep-alive

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

95.101.10.152

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=liHE%2fVrPky9wCD2dAmvNvw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XYW5siehvw2bVCdWxPcGoQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=dmNaTx8szmLvATy%2f0yHPdQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.134.56

200 OK

180 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
180 B (180 bytes)
Hash
eff08598645f915c3cfad489178e6694
74d543baf9f052cb975d86aad1f8fa2b71182cc3
777efa37d6833b0ae2596267e813b498f226a44553293373b13219773888eca4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Content-Type: multipart/form-data; boundary=---------------------------411882563930535166961089422946
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:1$_ss:1$_st:1675432376369$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=833536919; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:26 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 180
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
X-Akamai-Transformed: 9 175 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=llndhJwKzqhFjiroUDdiDC9+29Y3U406+ye0oUkT9A0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:26 GMT;Httponly; Secure
_abck=4701F39E56DDD3CAF74666B47B5459A4~-1~YAAQvWpkXz+0QsWFAQAArE1xFwk/1eQFh3pQi/QVtlVrwpT394+KuK55mE+muzi/upAAS+Y3Q8c4S6ua308sZSNKQH7PUobXUOs757Yi2dgdDvH5AkP9WvNEkTpyaC1+MvPojSalsjORmgG9gy720CZBgoA7/eLCnW/o45rkWpZsTx7NjWi0Te+OxnQAd4iuAaBccjVQ9QNDNuVzLUO1P+IvtjJr/33doElGIyEbCbBQufKN2Z22k7xT+mEBhetpVeQEjpIKsH78nydyWpOqThQRela5JPoffkf/eB+tz0ewQ2TS8BP2Jpr2ey9wo9LvSg8iUST3BFRN/HQFkwrHatwe65xwGAXxjTsY+TBCxZfP6U+lN7Lis+Pk0lNGgicttQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:26 GMT; Max-Age=31536000; Secure
bm_sz=10EABD70416E6DA027428E2BAAB8C963~YAAQvWpkX0C0QsWFAQAArE1xFxLwQ5HZX40yLK1VZilmKJOV2E1IWeJ4S3Ar8hyK31mGG2pcA33oZy41v1zWP/WLywVD4+/5kQfnW9qsUnrEgfvEQnHMeZh9Re1gfspgGiGW0aNjG6Ea0G/uELEGhwrulB+fv9Ut2ynxdX98Gvth+Bj75Vx2yDrTZF2STzVD6itvFFHDKwRT4SSCqd6KrcQ8KNmqmtUZRG8Y625Dmm9y+DQex/E7jTUtaWjwZH5xKkeFOTMSpoJRskchVK8PMfLENJPDfR6U2+Xlc2T+wBSXOHB2bcvx~4274500~4601153; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:26 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a92_VM-ARN-01cnE31_15467-36998

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8a41a6e5225635ecc02de9eabd9a472b
585d12a70f821899fdfad9c09cc87fc46cac9ea0
997fff4ada3bc79630777b4f847861230bb5ae6c58627220d8ef2c693bb92cbf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 13:42:56 GMT
Expires: Wed, 08 Feb 2023 13:42:55 GMT
Etag: "585d12a70f821899fdfad9c09cc87fc46cac9ea0"
Cache-Control: max-age=432628,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 793b79b4df15b51d-OSL

wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1675430577432

54.171.68.161

200 OK

322 B

URL HTTP/1.1
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1675430577432
IP
54.171.68.161:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Size
322 B (322 bytes)
Hash
ab4da7cf54e7fa8abfb8dcc4c6695428
52d53125312f1a9f40292564e58a23df4e4429b1
f4bc9adcbb01d80673e256375e85e1577e910aabc4f2fc8989b4e9a8a5b97990

HTTP Headers

POST /event?d_dil_ver=9.5&_ts=1675430577432 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 375
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-027dff91d.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=08013724987510789583854292564102424643; Max-Age=15552000; Expires=Wed, 02 Aug 2023 13:22:26 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ZlM4aKJOSs0=
Content-Length: 322
Connection: keep-alive

static.wellsfargo.com/tracking/ga/ga.js

95.101.10.152

200 OK

20 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vMkAgmH24HMyOONqn2OEmA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 03 Feb 2023 13:22:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=CFc+VUs7+7JJeRnxEmq8fw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

95.101.10.194

200 OK

152 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
152 kB (151899 bytes)
Hash
3182edea8f4e9c271d5c825842b4181d
a3cc426d7eebef371977626227eb73283496e1b7
be919b9b7be0a071fd53085823e9b636e6e78784da68fc1c9ddd2f9bda2ef1cd

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63d032c0-172f"
Last-Modified: Tue, 24 Jan 2023 19:34:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 03 Feb 2023 13:22:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A75NcReGAQAATopYf5ZtDE8AZgxbAr594eu9sFNmOaBX0THLCK1BYf7juCpcAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|7562cb24b49675e5b842479b9950a6fd3534a5fe; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=%2f3STXuGxQyhC6xVFy1uFG61PwOrB9RVnlSzWjL+19BjDIICoKX%2f83MlhMeYnszPv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
41648db5504a5e4bce1dbb5772bf1c2f
2f21925d805cc85ad9e45984dc06fec04f5e2ce0
8e2d864a645cafba5ef7e67fe98a3c6d2a5e9fd0635c5c06bd0f876630ba6e4c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1437
Cache-Control: max-age=107807
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:26 GMT
Etag: "63dc0714-1d7"
Expires: Sat, 04 Feb 2023 19:19:13 GMT
Last-Modified: Thu, 02 Feb 2023 18:55:16 GMT
Server: ECS (amb/6B80)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/jsLog

163.171.134.56

200 OK

0 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/jsLog
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 173
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=833536919; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:26 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-b27ebb2f-4032-4098-a439-2b64b2fd7c4b' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:34|g:f3d78f6e-5250-42cd-98d1-bb58a15df593; Expires=Fri, 03-Feb-2023 13:22:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:f3d78f6e-5250-42cd-98d1-bb58a15df593|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 03-Feb-2023 13:22:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 03-Feb-2023 13:22:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=C1008024E54B0436B17EB5491CBCA374; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 03-Feb-2024 13:22:26 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230203052226613009613; domain=.wellsfargo.com; path=/; expires=31 Jan 2033 13:22:26 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:34|i:206915; Expires=Fri, 03-Feb-2023 13:22:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206915|e:7; Expires=Fri, 03-Feb-2023 13:22:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206915|e:7|d:0; Expires=Fri, 03-Feb-2023 13:22:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
DCID=yyXM+qbSjqjrHgXM8f2fKn23Gtbt5Zh5rAhYe21UuI4%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:26 GMT;Httponly; Secure
_abck=2C093FC895ECD7523DD5D2DC23238989~-1~YAAQjGpkX635vMKFAQAAOk5xFwkqixv+J53lB0i/ixpBU4qxE6dLRV92e+r/C8MtsnnRPJZWTvFXC2IcXAQ6vxS9w3h9vwe+sGuSuQ8siytdrWcZAFJnroV0GrFPKQ3jbNZqf5oP/0KPHa/AV9KdNh/XvJBPJhubSo8eg9PJzY2QUtfPZbPj/oQ3m4iUSbJNm0v17KLpr7j7Erp8YEQ4krS/07ssudjHPnsZ9AxkMbGV9RARlKrmPuNApTdbekVnnbK/p+G22xnCm0BY78WwmgzjfLX3mxfum35xJu2hNOcPUPht2BjW4dTencVAwVaDZh/T1LOnNrAC2nXaS8jMnG0r/ipijQbg/+shufSnefdiJ2HbIWnXTLGcbGIfv6Zx+A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:27 GMT; Max-Age=31536000; Secure
bm_sz=17CD6F05BB4D67DBA82D8F3BB4A2FED1~YAAQjGpkX675vMKFAQAAOk5xFxKSrFJkO4rRd54LMXUsSIXm3misuC8uuOWgt2cZ3YUafgLUQqwKWBgl+IlYQX1SKFd5bWSsfkKHog0gS3q7TUr28/usYbJFzUtu4pzbjBkp+tKJSZyNHPet8nZVeOVrI7IlMc1GH2WEDIbEDkVvlOZV47rn5TWsJYIFjWPRTiv4IQ/MA6eJOHMxrehnhPJF3If9nYm6k69W4VFqdm/w/MyRzDfpKD2AZm8GpRyf1EhHx9r2Am14qG5ZBZjtVhjvXTMmH7f/QVzzTPj1YDcmT8MZnAtf~4274500~4601153; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:26 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a92_VM-ARN-01cnE31_15447-42733

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb%3A0&_cls_v=960445f0-f750-4d3f-97ed-7d764052fd93&pv=2&f_cls_s=true

95.101.10.104

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb%3A0&_cls_v=960445f0-f750-4d3f-97ed-7d764052fd93&pv=2&f_cls_s=true
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
c214714989b066f837597572ebde2320
21b14b4e0f84133416c3941ccb6b89c71e54651f
7b1f3f3283aa3642726e1ea812683b10e8de04016e3b008f82f62b954c72b842

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb%3A0&_cls_v=960445f0-f750-4d3f-97ed-7d764052fd93&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Set-Cookie: _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; Secure; SameSite=None;HttpOnly;Secure
_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!OFwz64KGJsWjDLEq/D2JHXmrrcNtCwxEpL55RsKQaO/3+0BHCYZ4+l9JKgEvFXNGiuui+w8qX70mZg==; path=/; Httponly; Secure
DCID=Y8d7PijUDpi50%2fZcVyGUZXBxUN0wEvNP1eDfwDZv%2fugeKrFxMOcxgpvguGlt1bwy; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=732439162&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&ul=en-us&de=UTF-8&dt=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUABBAAAAC~&jid=1659524041&gjid=31467046&cid=1632986498.1675430578&tid=UA-107148943-1&_gid=352498750.1675430578&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230203052224886989156&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=1632986498.1675430578&z=65735583

142.250.74.110

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=732439162&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&ul=en-us&de=UTF-8&dt=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUABBAAAAC~&jid=1659524041&gjid=31467046&cid=1632986498.1675430578&tid=UA-107148943-1&_gid=352498750.1675430578&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230203052224886989156&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=1632986498.1675430578&z=65735583
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

HTTP Headers

POST /j/collect?v=1&_v=j92&aip=1&a=732439162&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&ul=en-us&de=UTF-8&dt=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUABBAAAAC~&jid=1659524041&gjid=31467046&cid=1632986498.1675430578&tid=UA-107148943-1&_gid=352498750.1675430578&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230203052224886989156&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=1632986498.1675430578&z=65735583 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
date: Fri, 03 Feb 2023 13:22:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

95.101.10.152

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3GGUj2f9JQGjcvNmtIvwXQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430577988&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430577988&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430577988&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KsbmIyBRYYilYHYNcQjp0FO0XVN3lHrq+X71JfCefgA%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15467-37003

tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005

8.39.193.5

200 OK

266 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
266 B (266 bytes)
Hash
a671bc4e541aadc71fd7812d93af15e7
3b8c76ac113e54f3d413e09807f3661c72d0f6b5
ef16255038c7c5847295c3c434243418d898b7b40a9095aeeb65e3ddb7579383

HTTP Headers

GET /tagserver/nuanceChat.html?UUID=WF_10006005 HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "+6ZNxP/6RTk"
Last-Modified: Wed, 18 Jan 2023 03:47:27 GMT
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 266
Date: Fri, 03 Feb 2023 13:22:27 GMT

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578052&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-226516-16%7Etcm%3A91-223647-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578052&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-226516-16%7Etcm%3A91-223647-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578052&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-226516-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=J89qBXvD1CGRC3UuXOpRYCPWF5b5RhTZrj5rvGELfUwVvIU3mXq0ahP6QtbhBrub; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15497-37631

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578065&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-253922-16%7Etcm%3A91-223657-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578065&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-253922-16%7Etcm%3A91-223657-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578065&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-253922-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ztQ96H8O3b22xGG4x9caygMMV9NjvlNzIMrHr7SWD9okV332wgYA9whzWQESIrpg; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15569-59900

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&gjid=31467046&_gid=352498750.1675430578&_u=4GBACUAABAAAAC~&z=1165780576

64.233.164.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&gjid=31467046&_gid=352498750.1675430578&_u=4GBACUAABAAAAC~&z=1165780576
IP
64.233.164.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&gjid=31467046&_gid=352498750.1675430578&_u=4GBACUAABAAAAC~&z=1165780576 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 03 Feb 2023 13:22:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/ga/ga_conversion_async.js

95.101.10.152

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ux2ldyqtUgD4ixmw%2fL8wig%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578061&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578061&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578061&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=3DnCFYjpOlS1ESl8BWBqu35WSOucIpIlT66UPfoA6L0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15583-40274

static.wellsfargo.com/tracking/ga/ec.js

95.101.10.152

200 OK

1.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ec.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=O2+oVrd4XXEgQ7LsJnSrmQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

95.101.10.194

200 OK

607 B

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 19:34:23 GMT
Vary: Accept-Encoding
ETag: W/"63d032bf-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Xn9opEQSNG%2flVSxIORlch7wdRJSZa%2f66XXLqoqM6nHR1k0qavNiZitkx%2fQftI9HR; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9bfd33253208c9d034988400d66abd5d
8811fd76d9bc56c15431433f8f08d648185992ed
6382de7eb2bc0b40dc6d2e21ab8b6cb90cc0effe3241e3fb5008d2e4f626e92c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
636897389814ca4d23aa4009b8fb1458
14394dbd8f0e226b71e1bd35c6da2278828feae4
85bcc6e816cf5ea2028e9dc4862f3de068d0606949b3fef3fcc5b32fab37ad86

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

2549153.fls.doubleclick.net/activityi;src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F?

142.250.74.6

200 OK

318 B

URL HTTP/2
2549153.fls.doubleclick.net/activityi;src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F?
IP
142.250.74.6:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (555), with no line terminators
Size
318 B (318 bytes)
Hash
d30551fb308d1e20c66f2bc7f4a12cea
64177387fb85a7216ecb22f4d2f273180fff519e
cdc4c56f96de6a0d6a3003f4fe19a771a5b2582c23eed77df593133a21c84944

HTTP Headers

GET /activityi;src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:22:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 318
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 03-Feb-2023 13:37:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

974 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2443), with no line terminators
Size
974 B (974 bytes)
Hash
989c748ed2de025bc5707aa32c0603fd
228a27b3b51556760a1164a681c605dc642041ff
e6c17ae321006073ccefc7b63f532b17d3f9104490aecb5d371cc56766c47cee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Content-Type: application/json
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Content-Length: 268
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 974
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-b6c30397-77a2-420c-91ad-c4e11e1c4eb5' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:34|g:1e2b7b95-1913-421d-b9e3-ef73e27da7a0; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:1e2b7b95-1913-421d-b9e3-ef73e27da7a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917|e:52; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=8EBDF2F4A27FFF3E13FACAD76344BB84; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 03-Feb-2024 13:22:27 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302030522271043853003; domain=.wellsfargo.com; path=/; expires=31 Jan 2033 13:22:27 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=bLEZqzmCmZsbM26zZoIdGJ5CYuJOZ5ORUAWVIvSNtZ1olvwjgLea98oWXinGxgFy; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
_abck=AD995593C65708F3CF028E30C5BD7E91~-1~YAAQjGpkX7H5vMKFAQAACFBxFwk+Zu11zsUIKtKQ+X/W9YgaP3zNvN8gsmOWir6xZaxysaghny8V50boUUBWz7xrAOkp/P87G5enx2/BPAtWR+codlxCZHKye1FmyUHQ/2k/iHngxk0LzM3bg2D2ntslrH71MjUXx6u/f7veWUxAyFduP81EQU9TLASe1YbF5jPEi2kAEOMp+MCAtCkZR4MpOO8oPiT5pdFx4yvfKNrMY3s5bfooxUv+12Zz5J0ny4s8R0cb5Rbg3SbjCTKwDxjlF90YZjF57rMdsV3wZtYvKDAAzHzdm7vRwgyv/mpRq0u6wFebQJRi6mwT0q6sBSuNnwplte0FsSfNTJL7gNCXlDEtU9+knsz7UvLBoBstkw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:27 GMT; Max-Age=31536000; Secure
bm_sz=84C5540C394BEA80FDF09D46B6CCA0C5~YAAQjGpkX7L5vMKFAQAACFBxFxJSm1TAKaCVYwm1iW3RDdTa1J8RrAfP0mvD+adjz0sBKkBuZZOtfr8Q6vj0io/dBVdVfVPohFDw+bE0HGfs2YIkD4vLwOZSKAvieeIeWBR3FGnbEgT/dXMMbTQaSfBx5HOCppZPAek0TXXdhXqF0GlD9rCXJUFesgn0pgU+PPkuOvk7KG4wXKt8Wg1RTPmBK2VTc2rhXv+wMtTUHuzCC5G33rZ8X+Qv3D3/iRVrDO2dDkaxR938oS+EBhNH1MPDGym6TaOenAlM3ubLRjAkogTx9Ds1~3553074~3486774; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:27 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15447-42738

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
636897389814ca4d23aa4009b8fb1458
14394dbd8f0e226b71e1bd35c6da2278828feae4
85bcc6e816cf5ea2028e9dc4862f3de068d0606949b3fef3fcc5b32fab37ad86

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578071&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbdigitalrsvp_bishpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-253922-16%7Etcm%3A91-223657-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578071&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbdigitalrsvp_bishpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-253922-16%7Etcm%3A91-223657-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578071&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbdigitalrsvp_bishpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-253922-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=nsVmMqIlEPz%2feqRDGwLw2qD7zspc26dUlnTnXsdISvE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15467-37006

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578076&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238607-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578076&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238607-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578076&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238607-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Uy8HF8e6AqeIdPhSv0SKLX4xQ8ireeTNtR0bNq8nJEo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15497-37634

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578093&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578093&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578093&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=JpTUjM1Jxk3PWRyhkP0+GJNN%2fg4eLJ75%2fXc5ZNFwq08%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15569-59904

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578098&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238608-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578098&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238608-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578098&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238608-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KoYQIUejhjhS8AFdah%2fJxbawUoMY8JSQlETd3uMbcZ8UhIhbZUXlQc00tnQtrZVX; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15583-40276

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578057&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226480-16%7Etcm%3A91-226306-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578057&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226480-16%7Etcm%3A91-226306-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578057&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226480-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=zPXNqJN%2fFC2ZXdGxd%2fl0+af5snmB5bSBWeaccFJhoRc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15569-59899

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0&_cls_v=960445f0-f750-4d3f-97ed-7d764052fd93&pid=9c1f55e2-9139-4a8a-b108-06f97a397542&sn=1&cfg&pv=2&aid=

95.101.10.104

200 OK

1.1 kB

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0&_cls_v=960445f0-f750-4d3f-97ed-7d764052fd93&pid=9c1f55e2-9139-4a8a-b108-06f97a397542&sn=1&cfg&pv=2&aid=
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4922), with no line terminators
Size
1.1 kB (1075 bytes)
Hash
4cdea2f7cfb54cd1e609c2fdfcecfd3a
a440ecdd4433c09dc7adfbac5e23d36f728d1626
759f9114baddfd4bf89ba879319b607746038bba45aeb5652763d79d03538780

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0&_cls_v=960445f0-f750-4d3f-97ed-7d764052fd93&pid=9c1f55e2-9139-4a8a-b108-06f97a397542&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2940
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Cookie: _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1075
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!pe2+udwKV0uGgULpnNE5eVRfS7HzY2YigX0FTbbTHfEChelqD/rVR7MaoDy5qGZJKPsP+4j/iPxJCA==; path=/; Httponly; Secure
DCID=pmKe0+Y1XHFkxpxmx7fZtYf8WVrFKINN62g%2fMCs5df7yCzgqqIt2RAFsBGq6X9+X; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
471f739744173e022e110a4fc51b049c
275673a1b3848aa5dc145deb640ef5174a2e86b1
b198b2c09b77fd1c2626b904b6ce277582f7a4fef9b0c9605eadbb969b23c07b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1727
Cache-Control: max-age=99119
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Etag: "63dbe403-1d7"
Expires: Sat, 04 Feb 2023 16:54:26 GMT
Last-Modified: Thu, 02 Feb 2023 16:25:39 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
471f739744173e022e110a4fc51b049c
275673a1b3848aa5dc145deb640ef5174a2e86b1
b198b2c09b77fd1c2626b904b6ce277582f7a4fef9b0c9605eadbb969b23c07b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5412
Cache-Control: max-age=102804
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Etag: "63dbe403-1d7"
Expires: Sat, 04 Feb 2023 17:55:51 GMT
Last-Modified: Thu, 02 Feb 2023 16:25:39 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

adservice.google.com/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F

142.250.74.98

200 OK

319 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (554), with no line terminators
Size
319 B (319 bytes)
Hash
3d9e49fb7ff5194621c8c89081c0eaf1
a41011750eda8b7e76d25c3846254018d054b5d4
6b31ec280412480641b587d251c50c75d9e75147c20505023f6b6b5894d78542

HTTP Headers

GET /ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:22:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 319
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js

8.39.193.5

200 OK

5.9 kB

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text
Size
5.9 kB (5926 bytes)
Hash
0ceb2e3aaf3130b64517eee5e5583179
49fb8fbb16b1585e19a8911f59cd7ea234c5b607
9d486489da6c1ff7c439641bc384a2e0c9e4da32c2ab73f71d1fffc4bacefc5b

HTTP Headers

GET /tagserver/frame-bridge.js HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "+YmUhczVC0A"
Last-Modified: Wed, 18 Jan 2023 03:47:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 5926
Date: Fri, 03 Feb 2023 13:22:27 GMT

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578107&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238609-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578107&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238609-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578107&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238609-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=pYbGPlP8doNiQC%2fMbmbKDsSRFyxUJvdLBbtUyygbiuY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15467-37007

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578115&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238610-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578115&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238610-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1675430578115&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238610-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9p%2fyz3rYOjYb+MvkeRRlDGZL8xhyApqaILHpm9VT99I%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15569-59908

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578119&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578119&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578119&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=YW1gPwwShWUJK9Ton+1Np27nm7XzTAYd6xG3D8wtZos%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15583-40280

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578111&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578111&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578111&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:27 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=u63gqg86UJRT5kjXa741XalYvQYLuUYk%2fW36P%2fVgAyOpPMQcQ9r8IQ%2faqw7Gdclz; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15497-37636

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=8590137260895;gtm=2od8g0;auiddc=129369994.1675430578;u1=1120230203052224886989156;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:22:27 GMT
expires: Fri, 03 Feb 2023 13:22:27 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.016323468261771223

95.101.10.194

200 OK

51 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.016323468261771223
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (51102 bytes)
Hash
aa32742db6f02a72cfe746aeeaa0bf27
874764f31bdb5a9af55d78ba3aa458d36fc82a2e
5fb7b764720a09d96c8d904464a3146090c880006cf02ace5cd502fcee03f4b9

HTTP Headers

GET /PIDO/pic.js?r=0.016323468261771223 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51102
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=xWR3fz4sTszSQo4mfIg0dmCbAAlU4lQGUjMc3JQPjY9OYMZOsBoUDd2tCpv3RdQy; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/glu.js

95.101.10.194

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37088 bytes)
Hash
683627ea3f477f5973b8fcb5876b7bdc
65b3949b6447fbd588a9de330adab26fc4830591
3a952c9606dc722b21866ef35e1f032f02144b0ca8b5c26632ddc08e85efbd66

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37088
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 03 Feb 2023 13:22:27 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=%2fdjnTbyKFTuCE5lzzCLXqnq4RQ8Ctct2rNfV2VU6%2fLqwB+Hcjh1uA4pY2ljuRmIC; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2bef39ac599211fe23ad884ceacf1c9b
c19b32a600412658c49a3e55d5d8353a5101c31d
0ff4181df99351d3aa3490540d2f19474531fb07e13ee457b9339efab1a47ad9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578102&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578102&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
quad9	Sinkholed

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1675430578102&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:28 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 02 Feb 2023 13:22:27 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=5+JgyMIFq8qV+3+KOp6mYuai0Aj5pt06RI7CHXAgiXbzYjfD2YUC5oW0bJDOsqIR; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a93_VM-ARN-01cnE31_15447-42748

connect.secure.wellsfargo.com/jenny/nd

95.101.10.194

200 OK

18 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/jenny/nd
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2293)
Size
18 kB (18062 bytes)
Hash
dd83762db360a69055ff6e598d209289
518e71660ca0da35c42df3213f0a6d2384fc927e
05f9e586c2312bcc895608f81fea1ae54b347315fd5d27897269e96a65c6a85d

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 18062
Date: Fri, 03 Feb 2023 13:22:28 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:f4f4211c-8f83-4934-913d-26804a91d663; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:f4f4211c-8f83-4934-913d-26804a91d663|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Fri, 03-Feb-2023 13:22:57 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=dDEjdRcdWDVCjjtyz6EV1gsmsoFf9%2fAqmVbuC2Ovr8a%2fRgD1xFD7UXsuQI9H%2fkh%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
_abck=8E7A5E6920DE5CD5936B5642DDEE2EE2~-1~YAAQvgplX9zoBxaGAQAAq1JxFwmDOrwAmh2nsj6Lss0lF3qswm+PqRN6GYRgHt8rRx9MgX2knlkaewD5iF7iw+7WOMXb7r3gVB7saq+ZZZ6j20p8IE2DKpkRqcptTR/l+nvu8Wa3rW1fVJ6JNJKhmJv1mQXhUbWEFOuH1q7Fosh78vvN6k0i+npEIU82bAldVsaDXo5bFQ+ophnFVXXa+1JhE1ko5FE8RUmRMQ1vnFDaSQ1s3jTLpKybfZkP8e5VaRbS63UlQG/Jvm0tQ4M9+d5yg1dsL//OjTuQDs8to9lWJDvl/QM0VF1d8STZxCcimzxyhlVVRwDat/YUPeFc3TJNHrTqtT3kjNXnJFMnQEr2sRU6lISd1J0xZMIosij5sQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:28 GMT; Max-Age=31536000; Secure
bm_sz=B692395F6DC8631C29DC74A12E086659~YAAQvgplX93oBxaGAQAAq1JxFxIqR+cLld8u1WeWIU9xkymNg/so/9dmNJ5r/oxxf9CJYfBTq2avnq77ghsox67PwuEKDTKhOJGK/0gaUg24WXSGi8+dDLMxm44gqybSDAikeNcZI2yYY1oUMszQgx+lp0RUrzLOY5EL73vEFpveHTIx2TUijz1Qhoarp6VnHMACLydPRL+xBDpgoR0dcEE2fPi8bQmF/P+OJyWPBEBpXfBRV1vGDB11izou5cMDz7bocZeOPHw3waQoUPSnw6nK718BjhQ4TLc4vUZMxOg4tuiEF9Xf~3486534~4600644; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:27 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

44.235.235.178

200 OK

2.0 kB

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
44.235.235.178:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
2.0 kB (2032 bytes)
Hash
61f130b6a379e230c5bdf2a1a517b89a
71541e1d2f9a372711740342a30aeb0a2ef0206a
0641d55cde6e5db85867bb5e9d3ad30d64b150f1b0a7a2bc17cc42a169d8fd86

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Feb 2023 13:22:27 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51

44.235.235.178

200 OK

116 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
44.235.235.178:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
116 B (116 bytes)
Hash
ac895a6eaa24042c38802794a6c3d733
0745cf65c49487e5a0229405efa2d5b2053dbd78
f087c40975438d2d8001f70e79c09a83c529e0985fd2b80291a87ef9db6af19b

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 03 Feb 2023 13:22:27 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 13:22:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&_u=4GBACUAABAAAAC~&z=919641752

142.250.74.67

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&_u=4GBACUAABAAAAC~&z=919641752
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&_u=4GBACUAABAAAAC~&z=919641752 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:22:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1675430578533&cv=9&fst=1675430578533&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&hn=www.google.com&async=1

172.217.21.162

302 Found

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1675430578533&cv=9&fst=1675430578533&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&hn=www.google.com&async=1
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/984436569/?random=1675430578533&cv=9&fst=1675430578533&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:22:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1675430578533&cv=9&fst=1675429200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--8n49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=1049267116&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 03-Feb-2023 13:37:28 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&_u=4GBACUAABAAAAC~&z=919641752

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&_u=4GBACUAABAAAAC~&z=919641752
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1632986498.1675430578&jid=1659524041&_u=4GBACUAABAAAAC~&z=919641752 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:22:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273

8.39.193.5

200 OK

2.3 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (7108), with no line terminators
Size
2.3 kB (2292 bytes)
Hash
69248df2e4cd19badf361961108eec5e
86054d9394816797a159f91274bf9c97033a9024
4879bdd8f9d0bd0597e5df3170a4164ca2ca3aaab294b91dd49332db9d36f290

HTTP Headers

GET /media/launch/sdkChatLoader.min.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "6Cu8yUJ1UkL"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 2292
Date: Fri, 03 Feb 2023 13:22:28 GMT

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

44.235.235.178

200 OK

32 kB

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
44.235.235.178:0
ASN
#16509 AMAZON-02

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Size
32 kB (32436 bytes)
Hash
d37160d20ada9de097bfe1059ac0d098
f83084b91d72fa47ee334af8cdb6fcc2bb411426
71b1ae42106c2bf91f92ac35c1b310131c5623be24e748c4b6776b1f053dab7f

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 12520
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 13:22:28 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:22988ec3-2e2c-4bdb-93a8-47182a2a800e; Path=/; Expires=Fri, 03-Feb-2023 13:22:58 GMT; Max-Age=30
ADRUM_BTa=R:55|g:22988ec3-2e2c-4bdb-93a8-47182a2a800e|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 03-Feb-2023 13:22:58 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 03-Feb-2023 13:22:58 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 03-Feb-2023 13:22:58 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:12; Path=/; Expires=Fri, 03-Feb-2023 13:22:58 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.134.56

200 OK

134 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
913cdc5e5fc29de09dd33e6e0d9bb3ef
e348e5afe28f5d4ff2d4402aa6d38c12f68e7bd0
788ac49d6916d0c7b6c4da33de44d0ba0cf59ddc1fe61903fcf86dd7e731fa71

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2024
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=196145771; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1; _gcl_au=1.1.129369994.1675430578; LSESSIONID=eyJpIjoiSWE2cDdXMDVPaGFNN0dBY0lubFJBQT09IiwiZSI6IjV6cjVJOFlFNEg0Y05iOTBNdVlCcDZXWk45UnVFb3l1ZHFlbWJPVFV6dW40TEpiN0FCQjdOYnNuWnhwaHlcL1QwMGVkVmMxTGloWEtsMkROTDk4dDBkRUZuMVdaOGphb0crbzJEdTFuaG9Fbkx0UmlXZWVzaTJCNkJwQUgxSDI4TTZwUUhsS1BXcm80aHBrWkhXTUhyaVE9PSJ9.9a5aaed72110a85b.NzM5NjMzZDNlNWFiYTcyODcwOThhMzFhZmNmYjBiZmZlNTI2OTdhNGFmNTEyZjhhZmYyNGE0ZTZjYTk5ZjFjNw%3D%3D; ndsid=ndsatpf94qbr9goldok3wnw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:28 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 10
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4KsXWyarLPdMVKNpfSXU+2Dv8KUwnNgEa5Ym247wvHw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:28 GMT;Httponly; Secure
_abck=9A3EAE81E02CB0F5BD7919BAF6565368~-1~YAAQvWpkX160QsWFAQAA5lVxFwnDbMvs7bm7aGNbTYyjAl72Kr7E/sN7wDUKVl8nqbWgNtVHVR0/d78bH5184RSzX9UoEoUBpAAhwOpNmcXAhN56tlC5bPbV/pSqyqgGYS1OnbWC8J3sAas12/SY0U1y0GWxY/dolytySLIJPPKIAM7sX9JQKFf1qATo/kIMxSkb07TF7p0rIYrolNBu2stdLB412fBL5rUgAmLkfFyYwfOBBtr0cRIRh1nU2nofc6M8Ih7Ub4koJzGByRcV2koWqHth5aK7ydx42VFWTAtIfuLiXFZ54Kv4LD+atPWXxr7zeYzJoF+XHPzM8/6urBDNskrGq7lK+zA5wM/cIQqYLfkuL3gQm83fHBdSVN3VvA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:28 GMT; Max-Age=31536000; Secure
bm_sz=E1BF9DAB1E4DD417998BFECF2C5ABBCA~YAAQvWpkX1+0QsWFAQAA5lVxFxIZcMY3j3w/185KSsS/L78mSpEsshIbW+td/Eez8/6iz5scPjNs4g2t9GNz9BMa39tFIsaOjkwW6/veXSTPWwyOqFGX/TLoqk++p6ZMSePT0qPq9H5GZXJInh+KljDugkdWrUBRlmIPLVK3gcUQCf3z+18ARF3a7zfaAVNiIs51wLkToAYJSSsRsxpOPXXvRwAt5sHJHyivE+iUqSzl6bfw33TUkDvt/KXw5EnOPzaNPB4a5L6KHufdBogvyzCShC54O7J7lEBjKjhvD5GzXQiRxCNk~3683125~3556912; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:28 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a94_VM-ARN-01cnE31_15467-37016

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.3851586290100275

95.101.10.194

200 OK

149 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.3851586290100275
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (149043 bytes)
Hash
eff72d1b34468cd8069b736a60ddb381
6197855dea8ddcd585b9f477fe0c660b991c045b
5c72986cd0f5a2efc4958b9a09b4c1af64ae50bf1d628603218d2f4df954d247

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.3851586290100275 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 149043
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 03 Feb 2023 13:22:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=MhLkobpGmvg%2fJByrmAqktghq8S%2fbNlaFqp07x%2fnymLHqMPoN4iHkhr6ozvzCaT6m; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273

8.39.193.5

200 OK

26 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (5905)
Size
26 kB (25928 bytes)
Hash
e29cf9b589cdfede37fe89e48b01fa3c
07b00bf2034a4047e44acfa6c0f91e768e888026
8a9e8fb783ee16760d24a6d5232b441a855565f66437eb696e0396ef950940b5

HTTP Headers

GET /media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "D0yACs/3act"
Last-Modified: Wed, 18 Jan 2023 04:19:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Fri, 03 Feb 2023 13:22:29 GMT

www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.134.56

200 OK

265 B

URL HTTP/1.1
www--wellsfargo--com--8n49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
4bd057ae2be188acdbbcbd3df0d33d2e
f06b475490fd6b9a59613b27d22e7466752106da
ade7570088446855ef12d41ad71624f356015de0c30dba781b715dd258cbe735

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--8n49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com/es/biz/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Content-Length: 668
Connection: keep-alive
Cookie: ISD_WCM_COOKIE=!LJAVTpox3y8lFzcGl7IZxfIs0wroUSum3/jblVF/68z8iN9ZF0T/I4ds/EuoQs/TxxFZ/2oOlJ6KmSg=; utag_main=v_id:01861771c0f10009385d58c40d5e00050003e00900918$_sn:1$_se:2$_ss:0$_st:1675432377773$ses_id:1675430576369%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=293667973; dti_apg=%7B%22_rt%22%3A%22DQMZTop0gxDL8CmqoSK2w7daN%2FGP6y%2BR4h151ByrpZU%3D%22%2C%22_s%22%3A%22RhsKIrNG%22%2C%22c%22%3A%22OVo5MjA5Z0tlbVdUMTJwUA%3D%3DE-FCRKZn6JF1qRIkuVyEJTDZOh6qzIq4kHmSuCKKdO-Z55u9bhLds5eL1t6Q7A9co6v3yhAagGvypbwYQCpIIHP77TecqNN6VTg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AZQK3WMAAAAARJBk78w1CRVe1huM28qD%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C07977065565064540773850642839419703888%7CMCAAMLH-1676035377%7C6%7CMCAAMB-1676035377%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1597964350%7CMCOPTOUT-1675437777s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=960445f0-f750-4d3f-97ed-7d764052fd93; _cls_s=6436cc74-5d93-4597-a89a-188a77326dcb:0; _ga=GA1.2.1632986498.1675430578; _gid=GA1.2.352498750.1675430578; _gat_gtag_UA_107148943_1=1; _gcl_au=1.1.129369994.1675430578; LSESSIONID=eyJpIjoiSWE2cDdXMDVPaGFNN0dBY0lubFJBQT09IiwiZSI6IjV6cjVJOFlFNEg0Y05iOTBNdVlCcDZXWk45UnVFb3l1ZHFlbWJPVFV6dW40TEpiN0FCQjdOYnNuWnhwaHlcL1QwMGVkVmMxTGloWEtsMkROTDk4dDBkRUZuMVdaOGphb0crbzJEdTFuaG9Fbkx0UmlXZWVzaTJCNkJwQUgxSDI4TTZwUUhsS1BXcm80aHBrWkhXTUhyaVE9PSJ9.9a5aaed72110a85b.NzM5NjMzZDNlNWFiYTcyODcwOThhMzFhZmNmYjBiZmZlNTI2OTdhNGFmNTEyZjhhZmYyNGE0ZTZjYTk5ZjFjNw%3D%3D; ndsid=ndsatpf94qbr9goldok3wnw; _imp_di_pc_=AZQK3WMAAAAARJBk78w1CRVe1huM28qD
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 13:22:29 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--8n49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bn5u9%2fkImImVsjipOAteqJXPj5jf%2f2jLOvPv+ykXLzA%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 13:37:29 GMT;Httponly; Secure
_abck=0996A5324705EB40C75029A0EBF120A8~-1~YAAQvWpkX3C0QsWFAQAAn1lxFwm5JueYmYKR9tbaMzguj1ZDquV2CFbWnGg1Azq2+NtcYPk396zNCMDZ3M/RIIO1mX+GrA9iXCj7K/gSTOssyNCm9dCLSEwYow1wKDTEVNWKFAbB7gu1nnl4hngI5zdyHBdCpXD6fjxfcrmwwrMmtzFwAgRnLKohinbMKlXoTIUH3DPq0+7D8sH3eyhOLhVBfMabhY0Cs5uBonXKBGbtmDrnuSSMPkfePx6RRraCeDuXCh3Y77SNSFD5vQIKTPOCLXt3ajH4E81zG9Y/DGvD6hGPr2VUJ5hHFE7haaad+3lqLyYv1/qJpgmGqIylO+35xJBxLeSgsm6DAYbI5COwROw55mMeBswvJENMEARRgA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 03 Feb 2024 13:22:29 GMT; Max-Age=31536000; Secure
bm_sz=C90B7B2082DC7D5CBFE4CD635B629CC9~YAAQvWpkX3G0QsWFAQAAn1lxFxKH0m9AwUKY9ewvqh8KMSShsL3LdeKUia1ZLS4KEN4lNUJBzTtG02YuAEydp5p8JIp8c1b9kq+Tssaroh/kvdfy7NhW2bVXpqcxTNVqLx2K/7V9KWtc+tOkMC84vE7Gx4jVL5mLqyQX70E61qNhXLtCtfKJqQH21EfAFDSpJgyMWqxCiL3KlV4wFN6q1dbR0JDUUZTnE9zji8hFqHfQnWk1nFnaCSZYb+4q2i1fLmrjVuyYKQwUV5FFh14KdZ/p1amxyLj1soVZsDJtYTym1GdcIEbB~4599874~4404292; Domain=.wellsfargo.com; Path=/; Expires=Fri, 03 Feb 2023 17:22:29 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63dd0a95_VM-ARN-01cnE31_15467-37029

media-wellsfargo.nod-glb.nuance.com/media/launch/all_10006005.json?codeVersion=1674015550273

8.39.193.5

200 OK

139 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/all_10006005.json?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
Unicode text, UTF-8 text, with very long lines (327)
Size
139 kB (138822 bytes)
Hash
94471e930ecccb9ab022d921c615ee85
ee117009fbdecde41694b5979e2483d29dcf9adc
004c8e06ea86947a1098505eb2eabfe6631907a7bfcdf74ab8d2e54d3dd8a158

HTTP Headers

GET /media/launch/all_10006005.json?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "9l+6MXWqmIf"
Last-Modified: Wed, 18 Jan 2023 04:19:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/json
Transfer-Encoding: chunked
Date: Fri, 03 Feb 2023 13:22:30 GMT

media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273

8.39.193.5

200 OK

136 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (136175 bytes)
Hash
59e567c38c35acd8b88471a66cdc80a3
d0479127e1529468017258a6f4464d2ecdff445f
b166b99ff9c03efd887510e4aa8a8491e5bb9992da38c2af2c46b3cd3838448f

HTTP Headers

GET /media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "G5Y6vw0fr2n"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Fri, 03 Feb 2023 13:22:30 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273

8.39.193.5

200 OK

6.5 kB

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
HTML document text\012- HTML document text\012- HTML document text\012- Java source text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (807)
Size
6.5 kB (6470 bytes)
Hash
92c92a14d7348502d53a96ffb124e505
541bcbda5db19216712a37552092329b09a6301e
9f86b1cce23c8debd8f30ae3d4284689d83fe289f2e006e623e62eb0f90cbf67

HTTP Headers

GET /tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273 HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "AN7QOU24IDr"
Last-Modified: Wed, 18 Jan 2023 03:47:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Content-Length: 6470
Date: Fri, 03 Feb 2023 13:22:31 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/init/isTrustedDomain

8.39.193.5

200 OK

0 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/init/isTrustedDomain
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /tagserver/init/isTrustedDomain HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Content-Type: text/html; charset=utf-8
Content-Length: 0
Date: Fri, 03 Feb 2023 13:22:31 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/init/initFramework

8.39.193.5

200 OK

236 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/init/initFramework
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
JSON data\012- , ASCII text, with no line terminators
Size
236 B (236 bytes)
Hash
f87e8a7305ee82d7ce452aa730e00f67
b41bdaa74a1285b00ed609ba9106f6d8633ba230
8c135efcf6555517efd1dd8a72a1692e25fea34dcaf490a9c02fac3997aea842

HTTP Headers

POST /tagserver/init/initFramework HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Content-Language: en-US
Content-Type: application/json; charset=UTF-8
Content-Length: 236
Date: Fri, 03 Feb 2023 13:22:31 GMT

media-wellsfargo.nod-glb.nuance.com/media/launch/ci/InqFrameworkService.js?codeVersion=1674015550273

8.39.193.5

200 OK

92 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/ci/InqFrameworkService.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
Unicode text, UTF-8 text, with very long lines (39886), with NEL line terminators
Size
92 kB (92513 bytes)
Hash
4aa18006012fd1607c61ee057d338075
01e01b5ae8f170f65fb4cd56c1311ea65ec1da2f
7ffdb6e298ff49bd4f8f663cc10801a074e0ac55a6ae01ced74951dd385efeae

HTTP Headers

GET /media/launch/ci/InqFrameworkService.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "66K7NpaQ3Wx"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Fri, 03 Feb 2023 13:22:31 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/incrementality/onEvent

8.39.193.5

200 OK

0 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/incrementality/onEvent
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /tagserver/incrementality/onEvent HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 338
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4313212741894990388%22%2C%22clntLag%22%3A-31058%7D%2C%22v%22%3A3%2C%22vcnt%22%3A0%2C%22vtime%22%3A1675430582727%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A1%2C%22cB%22%3A2%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43132127418949903881%22%2C%22rd%22%3A%22www--wellsfargo--com--8n49329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675430582890%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Content-Language: en-US
Content-Type: application/json; charset=UTF-8
Content-Length: 0
Date: Fri, 03 Feb 2023 13:22:32 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (45)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML