Report - www--wellsfargo--com--g449329d48d6c.wsipv6.com/

Report Overview

Submitted URL
www--wellsfargo--com--g449329d48d6c.wsipv6.com/
IP
163.171.132.220
ASN
#54994 QUANTILNETWORKS
Submitted
2023-06-02 00:56:46
Access
public
Website Title
Final URL
Tags
wellsfargo financial phishing
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
20
Network Intrusion Detection
0
Threat Detection Systems
68

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tracking-protection.cdn.mozilla.net	9282	1998-01-31	2015-09-17	2023-06-01	2.0 kB	1.9 MB	34.120.158.37
static.wellsfargo.com	12306	1993-04-28	2015-03-14	2023-06-01	1.9 kB	49 kB	95.101.10.152
www17.wellsfargomedia.com	76964	2009-06-25	2021-07-19	2023-06-01	16 kB	334 kB	104.88.16.188
c1.wfinterface.com	14481	2019-10-25	2020-08-20	2023-06-01	4.1 kB	417 kB	95.101.10.106
ort.wellsfargo.com	51778	1993-04-28	2013-12-03	2023-06-01	466 B	2.0 kB	95.101.10.185
pdx-col.eum-appdynamics.com	4816	2013-04-16	2018-10-26	2023-06-01	2.3 kB	2.8 kB	34.213.146.121
ocsp.dcocsp.cn	33518	2018-05-02	2018-11-07	2023-06-01	328 B	957 B	47.246.44.230
www--wellsfargo--com--g449329d48d6c.wsipv6.com	unknown	unknown	2022-08-20	2023-03-09	46 kB	742 kB	163.171.132.220
connect.secure.wellsfargo.com	11812	1993-04-28	2017-01-31	2023-06-01	8.4 kB	2.7 MB	95.101.10.136
rubicon.wellsfargo.com	11786	1993-04-28	2019-12-17	2023-06-01	3.4 kB	6.1 kB	95.101.10.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/
2023-06-01	medium	www--wellsfargo--com--g449329d48d6c.wsipv6.com/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	c1.wfinterface.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-04-08
Pretty URL c1.wfinterface.com/tracking/ga/ga.js IP 95.101.10.106 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4882 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	199 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:48 Times Seen2469 Hash e086f28166bf73bc94e3cd49222ba6b3 e672fcd875785616f34372b6dd2a8245edbd0ca6 268683f78bf540a4628d352b35364a4405e8f1693eaee6a34e081045b1f95e54 Loading...

	c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1	117 kB	2023-03-08	2023-09-21
Pretty URL c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1 IP 95.101.10.106 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:36:56 Last Seen2023-09-21 03:50:16 Times Seen11701 Hash 91c536ff4d2c8db1822702f866e60b08 3370d3721e28923f099da1985f718a88015975aa d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a Loading...

	connect.secure.wellsfargo.com/jenny/nd	54 kB	2023-06-02	2023-06-02
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:12:33 Last Seen2023-06-02 02:56:48 Times Seen14 Hash fd84add9ed27b6aa5d0cddb1be1d07cf 07d7f552e82c7b83c71b16358b7efb063d78cb5d 9c654e7372a81694d6ef749266dc5a5297433a6a8eb57e1aef8f7735720db0f7 Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	305 B	2023-03-12	2024-03-28
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:01:47 Last Seen2024-03-28 17:41:49 Times Seen2191 Hash f6b4b2136c3a8cba62483bb8a9643eff 5ae0ebddf1912d81d2362682b58703e15101c1e1 23b0a56caea664378f4d742162dbb7063e9d47ff3e053506956fc46e2482d28f Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	252 B	2023-03-07	2024-04-08
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen2498 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	c1.wfinterface.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-03-28
Pretty URL c1.wfinterface.com/tracking/ga/ec.js IP 95.101.10.106 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:50 Times Seen4661 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	c1.wfinterface.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-04-08
Pretty URL c1.wfinterface.com/tracking/ga/ga_conversion_async.js IP 95.101.10.106 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4900 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	70 kB	2023-06-02	2023-06-02
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen2 Hash de837a36e16f0637c315f53879473ad5 edb434f283c5ca54f255e07ec058370325db26c8 949fce6d60f4e9040aedf847a80d9b94fbe6a5200914967743a48ba6d9e2b33a Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	386 B	2023-06-02	2023-06-02
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen1 Hash 16bffcd8af894dfca3c1be9343679235 c5c96bfb4959570076e409d3d3620e17cde93cc2 eb66e17794e813020cf901d47272849b768948cca13527291f075ef9367553b5 Loading...

	connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5562921853485782	260 kB	2023-06-02	2023-06-02
Pretty URL connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5562921853485782 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen2 Hash 44fa8ecdca87de161267967c5527ae64 53bef5271074fc6e84245f9b91cee3b221d705b2 8dea7df38a8a848c969cfbe829e170b51cca58f06588ba31a7e1d9a00dd57ffe Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	126 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:49 Times Seen2471 Hash f1b0375ca8995f583d4f31df97c9e172 d901e5604947f5b57d3bda7a78e92cdcef0439ec a6117a82be9fcdf7e808ce5f2a8b37a4b0dc1dd7052feb6088fc72f32503343d Loading...

	c1.wfinterface.com/tracking/hp/utag.js	204 kB	2023-04-01	2023-07-13
Pretty URL c1.wfinterface.com/tracking/hp/utag.js IP 95.101.10.106 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:33:51 Last Seen2023-07-13 02:42:28 Times Seen1788 Hash e209a1a5585f8dd9a47399f17a2ddf3a f51096de01ae2a6354239d91349484df106f7146 687be24446ef93a643957fba020ef2236424599de44e9eaae07249d2ee80f367 Loading...

	c1.wfinterface.com/tracking/gb/detector-dom.min.js	460 kB	2023-03-12	2023-11-04
Pretty URL c1.wfinterface.com/tracking/gb/detector-dom.min.js IP 95.101.10.106 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 19:18:07 Last Seen2023-11-04 12:20:57 Times Seen4580 Hash c71e354b6a3fbb7e60e42b5cd392761e b0abcc1cda4144fb29550225f7c3dd0342d11fbf c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.9550013922430205	91 kB	2023-06-02	2023-06-02
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.9550013922430205 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen2 Hash 5e5cbaa8a4e69c06dd507a1979246b33 23d12368c9e81b081d2e0356228397108d521358 382b57b066203b9b294a6900216587c7f4e7a91ca215e00c51c9bb25e8d56dec Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-06-02	2023-06-02
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen2 Hash 1c6ed2e8e9161309e7b27e0cb09006e5 e565d1eb10d52651f5f43566f9b5b838dd09428d db9045e96e017931c97975c705d0700b26599fb9210c52c508f2823993a7e3ac Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	59 kB	2023-04-06	2023-07-13
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 07:57:44 Last Seen2023-07-13 02:42:28 Times Seen3447 Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996 9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52 f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	691 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:49 Times Seen2441 Hash 48aed8d68c7d2fffc25f5635f592d555 910339ea378c481f21efced8b39c292816bc2fbd 54900b733cd406a3d2232358c17db394d9c2b5118167fbdf4f769a105635a6e2 Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	45 kB	2023-03-25	2023-09-10
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:10:42 Last Seen2023-09-10 23:50:30 Times Seen4720 Hash 308e427d5e59a148900bf524ecd5829a 73baa209d84f2d15c88606b28280d2121efd878c c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07 Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDfgnmIAQAAKEyXldHjYQuNKyXu2toehM-eRINAGZQ18MLmkTGrGrU1TW2O&X-G2Q3kxs3--z=q	266 kB	2023-06-02	2023-06-02
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDfgnmIAQAAKEyXldHjYQuNKyXu2toehM-eRINAGZQ18MLmkTGrGrU1TW2O&X-G2Q3kxs3--z=q IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:45:55 Last Seen2023-06-02 02:56:48 Times Seen8 Hash 2c17eb47d1c407de9a611d0db7103e3c 443716089971a241b4c62de809a2735cce6b2d68 7e83146d959f122ca370293d6a125187a665f90cccabca0735c4a65fec5b0b9b Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	270 kB	2023-06-02	2023-06-02
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen2 Hash 8c49aada7444fa1b353784d77f50d08f 8ae52b38806a7b35e5651f2550e91870741a974d 9b31ab6c67ded96e11c4f221af96600630a763a420075719485008730662df3a Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/	109 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:49 Times Seen2179 Hash 5e484877c8a3178a846a7d21b7fe5209 d7b7ac3ca178c038b5cf3b9157b99d818d540efb 3121a4640f3196f3df84a9d4f5f68703d478c024ec18f4a22c70825ad8cfab33 Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34	200 kB	2023-05-29	2023-06-06
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 23:35:45 Last Seen2023-06-06 02:03:42 Times Seen882 Hash 3b2227177307401f0ad66f16a01dfd5e 098aee523bc90b9abd2658dc3cad2b8d984c148c f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	555 kB	2023-05-24	2023-08-19
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 05:12:02 Last Seen2023-08-19 12:22:18 Times Seen2430 Hash 86b0428bd52fbfeaf6fc736f21b79f1e 357a952f524df35ccf680ecc30ed8764444266bb fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab Loading...

	connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js	1.2 kB	2023-05-16	2023-06-13
Pretty URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-16 13:20:50 Last Seen2023-06-13 02:11:44 Times Seen1105 Hash 6497c4493a39dde646c25ba77769bdff a274bf8eeb1162704dffb48a94fa7984257d5bb0 87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-03-23
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-23 06:17:56 Times Seen4751 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBITjhVL3ZKME05dXgvQmJnMkR6T1VCNG9Jb1dHTkNQa2tFeEd6cUIxMFZySmUxRVRxNUMyZWxISUxrdTk2UW1GZUZPbGt6UExWb09lOW1zTzFpaHRrdm81OFBqSHdlVEh3M29wbk15bldaRkk5NHBVai9xVWdwZ3R5alJDL1VxL1NTME5oQUxrNGpKUStVOHB4c2o3dDhQbE9oNWF3OFNIR0p0enhxYzJBRC9VdmNCendCVGF5emw2dTQ5L2VQaEQraFU4emVzUzZyUHA1aitRY1RDbzJTeWRrVFZjTzdVTHNVZTVaWXlhWlpMM1M4L1d3eXp1Z21ZTXRSZDJ4ZXNnOW5GSis0L3VaSEV5VHRHL2VBUDl2Z0pVVEJYQnkxaFg4ajZhaUlVPXw2OGQxOWE0ZmRmZTEzNDczNzlmZGMzNWU0NDY4MWM1NTRiZGY1MDgxNWNiMzEyZWI2YjIyZmIwZTg4MWQwNTViNzZjZmE4MDU4ODBlNGQ4NmY2N2VmNzNkMGEyNGJiZjhjYzFlYmZmYThjYWU0MTRiZjdjYTI5MDA1NDg1MWYyZDExNjljZDYzYzVmODM2Y2ZiNWVjMWY3Mzk5MzZhOWU4ZjkzNzU2ZjYzYTg3ZmViNmUzYzBjZDVlNGFmYTZjMTZhNjUwZmEzMjY5YWIzY2I2NzIxYThlNjdiODQ3ZWMzMDU0ZTFmZDVlOTFjN2M1YmY4YTg3ZDYyZGUyOTk4MGU1ZmMyZjM5Y2VlNTM4N2YwNDY2NmExZTA5NWJiNzRiMzA2MTllYWY3ZjFmN2EwYmU0YjM2ZTdhOWY4MjliMmQwZmE3N2FlMzZkMjM1ZTcwZDgwNjYyNzg4Nzk1ZDA3ODU1YTQwNjcyOGE1ODM3NmQ3ZTZhNWZiMzZjOWYwNGRkZjBlOTJmZmUyMGQzNjI1YmI2ZjQ1OWYxNWQ1N2U3NGYyNDdkNzZkZGE4YzdhMTJmNTZlYThiZmFhOTMyMzBjMDNiMTcyYTE1MjFkMGNjMWI2NWQ2MjViZjhhZmU0OTEwY2VkYmY0MWYxODBjZTVkZTQ4OTY4ZmQ0MzE4N2M0M2IwOHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com&t=jsonp&c=mbamghnntnlbhrlg&eu=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F	90 B	2023-06-02	2023-06-02
Pretty URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBITjhVL3ZKME05dXgvQmJnMkR6T1VCNG9Jb1dHTkNQa2tFeEd6cUIxMFZySmUxRVRxNUMyZWxISUxrdTk2UW1GZUZPbGt6UExWb09lOW1zTzFpaHRrdm81OFBqSHdlVEh3M29wbk15bldaRkk5NHBVai9xVWdwZ3R5alJDL1VxL1NTME5oQUxrNGpKUStVOHB4c2o3dDhQbE9oNWF3OFNIR0p0enhxYzJBRC9VdmNCendCVGF5emw2dTQ5L2VQaEQraFU4emVzUzZyUHA1aitRY1RDbzJTeWRrVFZjTzdVTHNVZTVaWXlhWlpMM1M4L1d3eXp1Z21ZTXRSZDJ4ZXNnOW5GSis0L3VaSEV5VHRHL2VBUDl2Z0pVVEJYQnkxaFg4ajZhaUlVPXw2OGQxOWE0ZmRmZTEzNDczNzlmZGMzNWU0NDY4MWM1NTRiZGY1MDgxNWNiMzEyZWI2YjIyZmIwZTg4MWQwNTViNzZjZmE4MDU4ODBlNGQ4NmY2N2VmNzNkMGEyNGJiZjhjYzFlYmZmYThjYWU0MTRiZjdjYTI5MDA1NDg1MWYyZDExNjljZDYzYzVmODM2Y2ZiNWVjMWY3Mzk5MzZhOWU4ZjkzNzU2ZjYzYTg3ZmViNmUzYzBjZDVlNGFmYTZjMTZhNjUwZmEzMjY5YWIzY2I2NzIxYThlNjdiODQ3ZWMzMDU0ZTFmZDVlOTFjN2M1YmY4YTg3ZDYyZGUyOTk4MGU1ZmMyZjM5Y2VlNTM4N2YwNDY2NmExZTA5NWJiNzRiMzA2MTllYWY3ZjFmN2EwYmU0YjM2ZTdhOWY4MjliMmQwZmE3N2FlMzZkMjM1ZTcwZDgwNjYyNzg4Nzk1ZDA3ODU1YTQwNjcyOGE1ODM3NmQ3ZTZhNWZiMzZjOWYwNGRkZjBlOTJmZmUyMGQzNjI1YmI2ZjQ1OWYxNWQ1N2U3NGYyNDdkNzZkZGE4YzdhMTJmNTZlYThiZmFhOTMyMzBjMDNiMTcyYTE1MjFkMGNjMWI2NWQ2MjViZjhhZmU0OTEwY2VkYmY0MWYxODBjZTVkZTQ4OTY4ZmQ0MzE4N2M0M2IwOHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com&t=jsonp&c=mbamghnntnlbhrlg&eu=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:56:48 Last Seen2023-06-02 02:56:48 Times Seen2 Hash 378186479856e9d83db48019d8e82391 25a029ce0010a5ac946e52aef62d2515ab13e84f 6a510c9bd56f9e3b83c168d9096c5c629f46c2a096d8547159fafa31cb32cd24 Loading...

	www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js	182 kB	2023-05-14	2023-06-06
Pretty URL www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-14 17:41:49 Last Seen2023-06-06 02:39:07 Times Seen1086 Hash 817137481b98432168705ff99aa7ca57 9049c9adaa1e735f5e8c1b17f72a88f8fad3994c 884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

HTTP Transactions (105)

URL IP Response Size

tracking-protection.cdn.mozilla.net/ads-track-digest256/1684337778

34.120.158.37

56 kB

URL
tracking-protection.cdn.mozilla.net/ads-track-digest256/1684337778
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
56 kB (56534 bytes)
Hash
e82f812913b6a06c608d7bb688e184b4
ea5db373525ee7dfa0abaf0befb2dae54e62b699
46fb1d72ca8047216ad4c5349f791a385049e1025042a3fbca56a7bf94ff2e89

HTTP Headers

GET /ads-track-digest256/1684337778 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: mAV6JYql0Hj/v4dZcxitCheENADj9j6yfk3PYkQQDeSJPxnsyPrC2sZFnAHMlt3B9m/KnrJ38G0=
x-amz-request-id: 0RB8JNVW5A1G166G
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 56534
via: 1.1 google
date: Thu, 01 Jun 2023 15:37:08 GMT
age: 33557
last-modified: Wed, 17 May 2023 15:36:30 GMT
etag: "e82f812913b6a06c608d7bb688e184b4"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/analytics-track-digest256/1683905755

34.120.158.37

10 kB

URL
tracking-protection.cdn.mozilla.net/analytics-track-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
10 kB (10486 bytes)
Hash
feffee93ee53bd6b02687bb9d9a11425
f9fab28225d6eb2ed2e72ce675d5d5b624383658
3b09c3bc75d40a2dc370d7a9e88433d74de203f31056900b995b497950f2d672

HTTP Headers

GET /analytics-track-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: qTXmqRGGh7kr1FVOwBOqMOraFSI1ymXRD8APvj5f0PRrV1DHG0XNX5YIl8nxIlKQc0A9NCssPSIuHKEeZIs/fw==
x-amz-request-id: NECEESR4B36MFTGP
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 10486
via: 1.1 google
date: Thu, 01 Jun 2023 15:36:45 GMT
age: 33580
last-modified: Fri, 12 May 2023 15:36:10 GMT
etag: "feffee93ee53bd6b02687bb9d9a11425"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/content-track-digest256/1683905755

34.120.158.37

15 kB

URL
tracking-protection.cdn.mozilla.net/content-track-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
15 kB (15350 bytes)
Hash
adff9f8518019ddb5b72e09fa471bd56
2a5cf28dcda107605da2bb4f6e56a07e514a927f
900f414ea63bb7f4e5a33041d77112c309aa8dfebd93681895c596d948ed12bf

HTTP Headers

GET /content-track-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: BN0QpV2f4XJMCyRDt6Ltxv15+iqc4go7+Ci5riFPddAcFd0t0LtLk2RRweDoTjWvIFbXOBZ5UTw=
x-amz-request-id: HK17DRNEANCHNYH8
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 15350
via: 1.1 google
date: Thu, 01 Jun 2023 15:37:06 GMT
age: 33559
last-modified: Fri, 12 May 2023 15:36:06 GMT
etag: "adff9f8518019ddb5b72e09fa471bd56"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1683905755

34.120.158.37

1.5 MB

URL
tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1683905755
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
1.5 MB (1476920 bytes)
Hash
501d3f65be5457b0986a2f0b880e88f2
0df631bbe10a12e255c8d323fed084f51ffb842d
e3acbced9ab46ff7a41311445b2bd1f6f70f8716d35131670528417d2c9a6627

HTTP Headers

GET /google-trackwhite-digest256/1683905755 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: VSzrHGMkCVNgkzJqQ38pWJdSy0EtAzjkXXunZzlmNpHhxIbfET1AJxRfMKU+mxnUFUlsm6dBUW56Et2k3Sukmw5V5ntMuF+w/aVcjmWSZ4c=
x-amz-request-id: 5CYYYK0BWVG65THV
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 google
date: Thu, 01 Jun 2023 15:36:59 GMT
age: 33566
last-modified: Fri, 12 May 2023 15:36:17 GMT
etag: "501d3f65be5457b0986a2f0b880e88f2"
content-type: application/octet-stream
content-length: 1476920
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1684337778

34.120.158.37

346 kB

URL
tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1684337778
IP
34.120.158.37:0
ASN
#15169 GOOGLE

File type
data
Size
346 kB (345943 bytes)
Hash
dc048d310df250632824a0ef784c0503
349ed5134df1bb49ba48bab8498c932655795279
a217142987da561fafd04a5f77dcab5860687e0089002eec43cd8bd619b9870a

HTTP Headers

GET /mozstd-trackwhite-digest256/1684337778 HTTP/1.1
Host: tracking-protection.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: GMieJilB4Qa4fmD4jZeEeE+nOy+PfYVOBZ0F6ABU8ziK++kvvAalRLqTw31bHlOD01VEqHAavxA=
x-amz-request-id: 5SM911YNTJ59NG24
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
content-length: 345943
via: 1.1 google
date: Thu, 01 Jun 2023 15:37:09 GMT
age: 33557
last-modified: Wed, 17 May 2023 15:36:35 GMT
etag: "dc048d310df250632824a0ef784c0503"
content-type: application/octet-stream
cache-control: public,max-age=86400
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

47.246.44.230

471 B

URL
ocsp.dcocsp.cn/
IP
47.246.44.230:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
3d25d4accc054841904c210030f2765b
5586a01c7f26c3f1b55ffe41fe5ae219492a5334
733dd1e500076a819ae487f05161dd050d436d49a72c1d11e5c58760ef008bcf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 02 Jun 2023 00:56:26 GMT
Ali-Swift-Global-Savetime: 1685667386
Via: cache21.l2de2[277,277,200-0,M], cache3.l2de2[279,0], cache8.se1[301,301,200-0,M], cache8.se1[303,0]
X-Cache: MISS TCP_REFRESH_MISS dirn:4:407567267
X-Swift-SaveTime: Fri, 02 Jun 2023 00:56:26 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9c16856673860251298e

www--wellsfargo--com--g449329d48d6c.wsipv6.com/

163.171.132.220

200 OK

19 kB

URL User Request GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Size
19 kB (18839 bytes)
Hash
598764030c9845e800372b66c932723f
2a74fdfc1b2efa5699e7d2b186eb603e8165c42f
f447ddfb36b316c1a3094b275df279cc0d22afd39a1db3a671b21dfe98adaad6

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET / HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18839
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-a0a0deaf-7834-406a-925d-d3611dceade8' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18771 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae; Expires=Fri, 02 Jun 2023 00:56:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Fri, 02 Jun 2023 00:56:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:70; Expires=Fri, 02 Jun 2023 00:56:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230601175626932056529; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:26 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; path=/; Httponly; Secure
DCID=K0gwFEOZRD%2f1z1ys%2f7zz9pm+2feoEoaYXpRy5ll0pY0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:26 GMT;Httponly; Secure
_abck=C5E5F59ED340236E39116141174C02B8~-1~YAAQlNAXAkxPbHaIAQAAGRSbeQkSLtk9zYLcDH/aT12B5Sj6M77TYApOhxsahZF+fuj4qgAlG6pKxBIo+vvw9Ko4YrhUEikl4L3rEyuQPvT39a/Np3qr8q7P/GNO9t3PfoYLq/kALQyXbVu5SQ7Nb0pTdGT6ukLkoqfpUl/AuTGj6HVsWILcDDzW5CmW+BeA9sza8bA11xORLZJ7+OAJvxk2MyktR8VIaPgacnp3vzpsedPxF54/r3IHrSfuAV6NS/nqc8S6GfUeKtjbNggsoOddthOvIor+YNIG3vEydSHAHGS8EsOD2lE2fq1nlRbQooqkhN664N2FkEFPanceUuag1Jv7aK4wYdZ9WEPeuWwPpTnb+/jbkXacdxBciC29~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:26 GMT; Max-Age=31536000; Secure
bm_sz=6BD82AEC6EBE329AD33BB036795777E4~YAAQlNAXAk1PbHaIAQAAGRSbeRNC9x53hzupWchoc8jsyCCDeX4/pVo0394y53sanJV7eCuF6kg6unHHFojj1ewvB3HpUflOvd0o3ylcfTR6r9bDqrHfFjbmFdlim/fRyA3pZdJdde/94kmSDe9kbz9yilO4tYCJU9ERBTpQ3e/XRM2Jzz9thUv/REYbD8liQOfjMCpJs1JN0P05Ji2WNNlUBzj/PrFM+2kjc+v2MzHFfOAKwG3Lv6vUUt6Dk4l1SY5FrVUf8sUIoW9MrqKz0KjTaDGSt+SUlPP4EMJ0asrp1R3SJELy~4272449~4339766; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:26 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_12005-1348

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

95.101.10.152

200 OK

16 kB

URL GET HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
95.101.10.152:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (45298)
Size
16 kB (15731 bytes)
Hash
308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Fri, 02 Jun 2023 00:56:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=fIn1cdnfY0mopXsNOg+ulQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

95.101.10.152

200 OK

901 B

URL GET HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
95.101.10.152:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Fri, 02 Jun 2023 00:56:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=lwUc%2f7Fj20WuXocjpd9jew%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css

163.171.132.220

200 OK

24 kB

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23837 bytes)
Hash
faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:26 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:39:34 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11685-8055

www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.132.220

200 OK

19 kB

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Size
19 kB (19159 bytes)
Hash
1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:26 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:39:34 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11680-55841

www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34

163.171.132.220

201 Created

77 kB

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
data
Size
77 kB (76583 bytes)
Hash
3b2227177307401f0ad66f16a01dfd5e
098aee523bc90b9abd2658dc3cad2b8d984c148c
f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:26 GMT
Content-Type: application/javascript
Content-Length: 76583
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Last-Modified: Wed, 26 Apr 2023 15:12:23 GMT
ETag: "5b8f9de7319f5214c46d203ee7c78f9bf749d0b7eaa059e3b1056741a3d903ac"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=21Z9m2qxEMvh%2fGMOS6KgKw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=EE61640094A93B6FEABBF80AD4A6BEAA~-1~YAAQlNAXAk5PbHaIAQAAsRWbeQmZ2ZOF4m52L8uaYbefFQY7t0+mOjwYMCd2jXWQ9v/Sv5kH0MwEa/qXHwuH6PgeEgRbNKguXxBYvelxknMw2RdSONaDGEfkgpSqW+NZDNZXlU5g882lR5kO+lPU2YlgKRBpS0M5cMya2oPEiXT7wIWspsp0Dc1qi6BfxbjQvPC7U0Ox9fNya8dGHbIrjMLUvt67gdqkxMQNMInFkVT6a+J0aMefM+UQuUYdfNCqrZyqJVJxpUdjSMeZ3/yYFsHa4zGUYhKT9ruUGISAwig0jlX5x/3ZO57bnBXdmixJkZU9dzHcAS8fsvTU3aL3VQRHZkBt+ZPNMLnLPDSpZIXsc5vpFfoWrmP19GqTGk4P~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:26 GMT; Max-Age=31536000; Secure
bm_sz=13FEAD9F9FA45B1585005EC90DBF04C8~YAAQlNAXAk9PbHaIAQAAsRWbeRPx9fgtke2UWUWEqJB6XXSEbJtWyOGj+v1qUFELVfcU8qp/PP6teaiOi+AfRq91mgFy3vmxFzUhV6DYI/mLf9G2idoFgW5W/F+wMmfvzYLTdCiLcWbSSmqXpJ0jXiU7DOM0vkVN/RAPdEnOY9chdJ7sGJbUrZ53SpH71l7wYivJ5My8Nn+5wTOL3xCPERjXB5PwQL4IvNlB/g8V+qijdzARm4b/Bfo7PbepQ53EZudM9kgepZkt5syxlG1ITkzWJW7JTLV36hflXgfrrOrnd4CMQwnV~4272449~4339766; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:26 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11820-24461

www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.132.220

200 OK

4.3 kB

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4283 bytes)
Hash
1c6ed2e8e9161309e7b27e0cb09006e5
e565d1eb10d52651f5f43566f9b5b838dd09428d
db9045e96e017931c97975c705d0700b26599fb9210c52c508f2823993a7e3ac

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:26 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4283
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 00:56:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A44Vm3mIAQAA0e0WKRbmJJWcrN-hMR8HdPUbxWy82XEusPFq0YTI8dJuNttTAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|00a616573ac25c413a5b6306b0ea2eb00cc359e7; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=etO58jg2Er6EjbOcgfQYfjXfo5mg1PdvgKLzE8fp708U9onnQqOj8tQNTSoQ7tMh; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_12005-1372

www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js

163.171.132.220

200 OK

58 kB

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size
58 kB (58231 bytes)
Hash
817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:26 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:39:35 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11820-24460

www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png

104.88.16.188

200 OK

1.4 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.4 kB (1441 bytes)
Hash
723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed

HTTP Headers

GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=1211566
expires: Fri, 16 Jun 2023 01:29:12 GMT
date: Fri, 02 Jun 2023 00:56:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg

104.88.16.188

200 OK

26 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
26 kB (25648 bytes)
Hash
1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=1211723
expires: Fri, 16 Jun 2023 01:31:49 GMT
date: Fri, 02 Jun 2023 00:56:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png

104.88.16.188

200 OK

1.7 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1712 bytes)
Hash
c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d

HTTP Headers

GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=1211586
expires: Fri, 16 Jun 2023 01:29:32 GMT
date: Fri, 02 Jun 2023 00:56:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.88.16.188

200 OK

49 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12851584
expires: Sat, 28 Oct 2023 18:49:30 GMT
date: Fri, 02 Jun 2023 00:56:26 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.88.16.188

200 OK

22 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=12994406
expires: Mon, 30 Oct 2023 10:29:53 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.88.16.188

200 OK

23 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=12851598
expires: Sat, 28 Oct 2023 18:49:45 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.88.16.188

200 OK

22 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=12994406
expires: Mon, 30 Oct 2023 10:29:53 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.88.16.188

200 OK

22 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=12918835
expires: Sun, 29 Oct 2023 13:30:22 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34

163.171.132.220

201 Created

18 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2359
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 00:56:27 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SVb9blzuPVK28wb6wp7uBQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=SVb9blzuPVK28wb6wp7uBQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=1FF90C363A842F05CE9007122F3339B9~-1~YAAQlNAXAlVPbHaIAQAATBebeQkaBR21R9h8Klc+eHg6oQz460xP7Ij36N0v7j6pKO+yW8m6YYQvy/6/NR91wx0slw29z1qCrHWmI5ieyaxOAS923cuo7pRnbKfSW1yCPVrXz+HD8KGs/f8KHA5j4+OcJCbbTQy0JbJxQRZ6H2PqNxh+Q34koAsvjD5Dr5gJBMEe2tMRrtMXV1Z/ba5uERGngBYB60xSlz2SbZA4grdS2rPWXg6NBv8t0i1r63am9HXQNc/HeNCtB05a14uSTi1sKLeWwbMlWJRTpzW6qKW/tTvA72Xuvx28OJ/IAY6wiVHKTw8kqE20GqfozFDlL6M3jTyDnY3Olh1tBqy+jRDTX8vDJ6LYvWpjRPS5/f6d~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:27 GMT; Max-Age=31536000; Secure
bm_sz=7BCD1FDA8FC1790A3C7C30DC99F61233~YAAQlNAXAlZPbHaIAQAATBebeRNKIT52NJhBbW61NC6g3oZ3GzAuxvSQ+LjNTXcztr8P9nU9byETF2+Qe8FOcR20grnf7ceajhLShC2K4QSeJbHR9BNZJugFh2c/kWEqbaYWoC8jb2bt1y4VWRxckvKTn/pc2CAF65P9VBxXex9movdbTSQb3giNycxlYdcGz7phCEwmXJyJvxZgQZKcehL8rQRdY801wWZddCy85IEYmKpVbYPcU8tEFEE60/d0vpu+0njehQF7B4fEuFyh1PpreBm/84QA+y/h/882y1z+4dvJMPnU~3360056~3551543; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:27 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3b_kf175_11680-55846

www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.132.220

200 OK

313 kB

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65357)
Size
313 kB (313270 bytes)
Hash
86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 00:56:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=ymaG3a7UKdrwyZelUeUnOSkWTEOb%2fAqEccDP6uugd+o%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11820-24465

c1.wfinterface.com/tracking/hp/utag.js

95.101.10.106

200 OK

55 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/hp/utag.js
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (14989)
Size
55 kB (54703 bytes)
Hash
9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Fri, 02 Jun 2023 00:56:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sU4VuW8Oj7boVzpHTPl+pw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--g449329d48d6c.wsipv6.com/target/offers/conversations

163.171.132.220

200 OK

2.0 kB

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/target/offers/conversations
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (10601), with no line terminators
Size
2.0 kB (2008 bytes)
Hash
1ac4d8588d96d66e31c005b9059ac172
d3b5bc358872fc2ad2f1a35e1848a4123afcf4df
2d7eebb1054cf4ff8ca2492355b1ac8055df9268f611a97b05d7f4ccb46afd46

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:27 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2008
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-634c90b5-a6ac-4858-970a-7e8fca664c57' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:70; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742; Expires=Fri, 02 Jun 2023 00:56:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Fri, 02 Jun 2023 00:56:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Fri, 02 Jun 2023 00:56:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202306011756271970097840; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:27 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=E73D346294EA37D07B9CB0CA512EE5C4; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=7K%2f23bdycuPspuhYIqTm4xdxqaZm2s3e7cqYPskUKXM%2fQhdAEq2C4EQDuYM7QhW0; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:27 GMT;Httponly; Secure
_abck=1A2C0931A5366B0F1AE38A42D3B6E562~-1~YAAQlNAXAldPbHaIAQAAKBibeQlxo0ykLRP5BOsliee7xtyapmGB43FL5aMnh2SWYZ0ft8grHW2ivtCRcR5qgrp0Ne3oQy7sYG8HkJw8WqR79W6srb2BRjzmUbZ5oivRr0wDTMP3R4J0Pd46CdSU+c/4PSZS0mC3l8Zu0xlRtkxGglsEShajUGDuDZHUWf8tOgmwe6VmW3yrwl3Q8BpfPXXJVpdW/PhOvJL1ev5/ws7B5qHshISZiX07NpRXAoZVx+1XGCfhrZhxSnvL7/yr2hj7eQX/lAxHs6+kyhfAyk+tUEVa+4N4gztwAenxCG9DWZgMegOFJ5EPmTBWW6vSMSBsdnYHSdr2N+dvwF4UMybmhvtf5legxaXVGwVQn4s8~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:27 GMT; Max-Age=31536000; Secure
bm_sz=1B1C9D2C086D1D9EB7DAF89B741AD6AF~YAAQlNAXAlhPbHaIAQAAKBibeRNOzICUbvtc/f6jfibJJ3uc1PFIXxMZdO9CJppxEgCZK58JSRXDKho3Gce5AHVtGJ9iXV0FUhiCkmmYWjLFe9eiVh5PujVHPGSUhvPqf/IdMFrht+Eq0EEShDM6G5b1Cp3ztROidL6gQu/sKQQgZusDDgRyh7duA/qzd3oOX77MB76DUa5Uy297H9YbzxHbhw/iQh4X9FisZEOrD3Mo+GDrJRvcWxbuO/FHGKC7BhcP2cZa8/odGv0uUw9ekYyxClOxu3Of6JarORiBVLIRvm5aKEfd~4272449~4339766; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:26 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11685-8056

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.88.16.188

200 OK

964 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
964 B (964 bytes)
Hash
7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=1211672
expires: Fri, 16 Jun 2023 01:30:59 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.88.16.188

200 OK

9.2 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=45416
expires: Fri, 02 Jun 2023 13:33:23 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg

104.88.16.188

200 OK

1.6 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.6 kB (1646 bytes)
Hash
f4ea54d2de3587734104a7fe6ac34593
abb69048123b667ad90dcba04da4f08a4a4aeeb7
e802f40411f32bc8331100de87c647c70071bbd2e29a44befcd52e48c6020205

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63f63d12-aabe"
last-modified: Thu, 20 Apr 2023 01:43:32 GMT
server: Akamai Image Manager
x-serial: 1743
x-check-cacheable: YES
content-length: 1646
content-type: image/avif
cache-control: private, no-transform, max-age=1212500
expires: Fri, 16 Jun 2023 01:44:47 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg

104.88.16.188

200 OK

25 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
25 kB (24880 bytes)
Hash
bf978a151ba3f10a7412e8cd5fbdb863
2af8e9c16c4f1e96ba1e86beee63521c802c2cce
ac555d446e447b4c8cf2bf2dd377d53c3b21faf83da3259dc8839c782eba1d9e

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580a-d82f"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
content-length: 24880
content-type: image/avif
cache-control: private, no-transform, max-age=1059227
expires: Wed, 14 Jun 2023 07:10:14 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg

104.88.16.188

200 OK

27 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
27 kB (26587 bytes)
Hash
45a212ca9acc61f0bb2570fad9b1ef6d
0766da6abe3d736412ceba81a699a55110feb6b5
99dade4264e8d662c215bf128f8911bf7e53123d661d9783c0a4260970fd51fb

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505838-e489"
last-modified: Thu, 20 Apr 2023 01:30:25 GMT
server: Akamai Image Manager
content-length: 26587
content-type: image/avif
cache-control: private, no-transform, max-age=1211599
expires: Fri, 16 Jun 2023 01:29:46 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png

104.88.16.188

200 OK

562 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
562 B (562 bytes)
Hash
2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1211612
expires: Fri, 16 Jun 2023 01:29:59 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg

104.88.16.188

200 OK

24 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
24 kB (23508 bytes)
Hash
87b3f9d652a18e74ea8ef53a99b251d6
8773c9b3a11fb9247039d731888724ccfb74bb5d
86e522c61649a3fd7b76ea8d8304d88fa1b86d029a349c64a2e4ee3683d019c4

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c49-e902"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 23508
content-type: image/avif
cache-control: private, no-transform, max-age=1211550
expires: Fri, 16 Jun 2023 01:28:57 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png

104.88.16.188

200 OK

1.1 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.1 kB (1131 bytes)
Hash
89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=1211495
expires: Fri, 16 Jun 2023 01:28:02 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png

104.88.16.188

200 OK

1.4 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.4 kB (1420 bytes)
Hash
965f76605b195f4ccfe05353f99ec406
7cc5b65bebc32a1835e778bf984d202fe472bd30
7bb20bbccd8f33fc25b907e8fcbefb0d73b1a9ae7076f8e688fc633f09690de6

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64501bd4-10f8"
last-modified: Tue, 16 May 2023 13:54:43 GMT
server: Akamai Image Manager
content-length: 1420
content-type: image/avif
cache-control: private, no-transform, max-age=1169991
expires: Thu, 15 Jun 2023 13:56:18 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg

104.88.16.188

200 OK

2.0 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
2.0 kB (1950 bytes)
Hash
54e10b9c13d7d34c19657767d4bab80c
e34a8ab8569f015fcc331eb9eea548cffb7466fd
3059d71b7591fed5674007cbfe04627a88397d42cc58f9a107becb0c269d825b

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c985-8adb"
last-modified: Wed, 17 May 2023 14:04:04 GMT
server: Akamai Image Manager
content-length: 1950
content-type: image/avif
cache-control: private, no-transform, max-age=1256956
expires: Fri, 16 Jun 2023 14:05:43 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34

163.171.132.220

201 Created

18 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2835
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 00:56:27 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=t4Q6JNjD1ids7OjVjHV74w%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=t4Q6JNjD1ids7OjVjHV74w%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=B442BF7D5FBBD9CD40D91881BC3449AF~-1~YAAQlNAXAltPbHaIAQAA0BmbeQn5IKxc89zjl0Pi3DqVAqzHpgJ+YjdelY5ewv0HcCHQRq53N1O1/SlQ/i8R+lcoyOJ55XXMTbeKktumjxoI8j2QaJjzaJy8u7cqan9/dhg3ipaZWFK2xGD2ZJfbILu0zx5ETlMzhkw5DcCHF8MjeKW9deLjlCOJQm32uKfRn7JJk2yedSJRHNoCkSbqAJRCObHmf/gZbDqm/staWizHs8FNJH/y7PkFtFdCsk+tIgdg0DzTE4cTHDX0/8HNXOPfF9y0kEu+a+9FruG+BrPatUpTrJwV+6xyVokiQIACG46h56bl4k3GZNR2vfVqpY1qGgndPyHlsz5c+a2GzSlTwdw1TpD/LUJEEnZTZWbF~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:27 GMT; Max-Age=31536000; Secure
bm_sz=4C87DC886170C279576E029FE1161E55~YAAQlNAXAlxPbHaIAQAA0BmbeROzWdigs9gtSz4ZDbiDcp3QfarR/Ah5rtt+Rgkm9rbSM70t5fHMIEwKE41yyTlgpXt06qkFduNFQ4X9Kx0LV2LHpOJ1OCxLWOXwtQzeL0Cmc+joN1Q74b0TJcuyzqRbqKTQ37U9+FSowGOTvXWQ3oa4epUl6Hp/6Pj1B/S4LG5wXFWP9Z6i2NBK/b1TyfwtPNIy2JXpJOu7/AGwvwzxMvO2mubUzYKMjFeYGvvjaNWkDrZAhCvbhXrIaFJ02CqjWMkCjNEKmXe4R+xcBHm28G7BC6dW~3360056~3551543; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:27 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3b_kf175_11820-24481

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.88.16.188

200 OK

463 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
463 B (463 bytes)
Hash
4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=1211719
expires: Fri, 16 Jun 2023 01:31:46 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.88.16.188

200 OK

831 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
831 B (831 bytes)
Hash
026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=1211742
expires: Fri, 16 Jun 2023 01:32:09 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.88.16.188

200 OK

405 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
405 B (405 bytes)
Hash
08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=1211864
expires: Fri, 16 Jun 2023 01:34:11 GMT
date: Fri, 02 Jun 2023 00:56:27 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDfgnmIAQAAKEyXldHjYQuNKyXu2toehM-eRINAGZQ18MLmkTGrGrU1TW2O&X-G2Q3kxs3--z=q

163.171.132.220

200 OK

151 kB

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDfgnmIAQAAKEyXldHjYQuNKyXu2toehM-eRINAGZQ18MLmkTGrGrU1TW2O&X-G2Q3kxs3--z=q
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
151 kB (150606 bytes)
Hash
2c17eb47d1c407de9a611d0db7103e3c
443716089971a241b4c62de809a2735cce6b2d68
7e83146d959f122ca370293d6a125187a665f90cccabca0735c4a65fec5b0b9b

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AEDfgnmIAQAAKEyXldHjYQuNKyXu2toehM-eRINAGZQ18MLmkTGrGrU1TW2O&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:abb5ac43-042a-44f9-aa7c-80229780d2ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:28 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 00:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A7IWm3mIAQAAkXJidPi8vksFv7AH--QiHP6GrS4dahWQGbeAYU1UhwYx6I1kAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|f38018e2981cb9072790436c903bac2a5fb7e0e5; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=jwqNRAb7qpBWRVrOcR33HsCfC0IKUO8DK1qBl0xAbII%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3a_kf175_11820-24466

www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png

104.88.16.188

200 OK

840 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
840 B (840 bytes)
Hash
6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d

HTTP Headers

GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=1211596
expires: Fri, 16 Jun 2023 01:29:44 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg

104.88.16.188

200 OK

962 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
962 B (962 bytes)
Hash
699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a

HTTP Headers

GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=1106537
expires: Wed, 14 Jun 2023 20:18:45 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png

104.88.16.188

200 OK

712 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
712 B (712 bytes)
Hash
89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e

HTTP Headers

GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1211504
expires: Fri, 16 Jun 2023 01:28:12 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png

104.88.16.188

200 OK

1.1 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.1 kB (1083 bytes)
Hash
21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273

HTTP Headers

GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1211590
expires: Fri, 16 Jun 2023 01:29:38 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png

104.88.16.188

200 OK

1.7 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.7 kB (1662 bytes)
Hash
e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3

HTTP Headers

GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=1211652
expires: Fri, 16 Jun 2023 01:30:40 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png

104.88.16.188

200 OK

7.4 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
7.4 kB (7363 bytes)
Hash
c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e

HTTP Headers

GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=1211915
expires: Fri, 16 Jun 2023 01:35:03 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg

104.88.16.188

200 OK

20 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
20 kB (19628 bytes)
Hash
87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843

HTTP Headers

GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=1211480
expires: Fri, 16 Jun 2023 01:27:48 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png

104.88.16.188

200 OK

31 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP
104.88.16.188:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
31 kB (30860 bytes)
Hash
6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2

HTTP Headers

GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=1211498
expires: Fri, 16 Jun 2023 01:28:06 GMT
date: Fri, 02 Jun 2023 00:56:28 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34

163.171.132.220

201 Created

18 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2295
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:1$_ss:1$_st:1685669187395$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 00:56:28 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=o23oI6mHufWDNErIP7UARg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=o23oI6mHufWDNErIP7UARg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=84C9FD65B4F9F811571F05E3C2A44615~-1~YAAQlNAXAmNPbHaIAQAAUhybeQn3dyXR5tPt/WCNr5dZ6eK58OLluPvY/FO/1tiuaMRnqQVMh+r3385Ry7mKWqJW4MVcQYU2A1cQAZYsL0/D4Wifp+trpShA2uuudsmb4ULPGYzk4SzFNIecHQvNUbTI1oM1pYvFIyb0JH7EKXJLNjQrxah/sCk4UYXdHkng18fS/50baaDGEVxr+tZp38KqWp+YykQQk2dvKxRnNGyMtoH4W9nZHL1fSajRVVNtX+dj5zyP76NwXcGu6b/apOsIZ3wz/lOo0329x4mPtUBNiEy++Cp9St5mhBfzDaQokkexlnp65+cdRcX/SWoYnnj53hfjL/qysNz8QRrzS52mi1VUo6uyKU45sv0rleUa~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:28 GMT; Max-Age=31536000; Secure
bm_sz=483516B385E52E47C09E5662E0702072~YAAQlNAXAmRPbHaIAQAAUhybeROlm41UP8ts0xz+yZGbQ1D1WBMksEiIU3BcPWSuJtsJUo6UlW38T3MJFHDeX/4Ecf2YdqQaQu4N28/yLipdlbVlyXX7xq1itPDqSo3H8badLfJ6SqF+FLFouvl/583+paHwaB8E6uUJxImCj7kEjxSGBywvyp2UgBSGXxJH5LMv101KYu60ADf08LM3eVac1vddpmw7Mp2mSJKaG94dsjgiCKh0r4j2VNTpLhnJ1NWQksp0szpKBsm2oPmR2JIwJqf8kNcTZxa72bsnZkdSct+3TRKT~3622214~4473666; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:28 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3c_kf175_11820-24489

connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js

95.101.10.136

200 OK

571 B

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
C source, ASCII text
Size
571 B (571 bytes)
Hash
6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa

HTTP Headers

GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=TslciBEknpLTH1PirFfDKf0Uuqf8Pv+0fqyuzSljPeLY9v3kXO3Spv1PLAIkWrzt; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

c1.wfinterface.com/tracking/gb/detector-dom.min.js

95.101.10.106

200 OK

138 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65434)
Size
138 kB (138549 bytes)
Hash
c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=invMiChxFwCeuLAJqISChA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1

95.101.10.106

200 OK

45 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XAimtOsOjK7x5EsUYKF2Ww%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

95.101.10.152

200 OK

14 kB

URL GET HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
95.101.10.152:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XzxZAqubLb3Z5EE91mxKOg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.132.220

200 OK

175 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
a38399c2d7381415aaefab072ba759d2
a7cbebecc1c94f556ec000999d0356bf2af91e10
be64fbaa1bbcf79077564e3f2bf4911232d3ae445ee03f1055c8fcd5582425c7

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------172435247620998535383380623292
Content-Length: 171
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:1$_ss:1$_st:1685669187395$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:28 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Sn3coh3yOycx5bz5CoX%2fi6zuU6dbGqjC%2f2k+KnDOx9eQp5hVTy6KJVhg4zdRaFnq; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:28 GMT;Httponly; Secure
_abck=057B6D2800464A9C376A37F0EC97CD30~-1~YAAQjtAXAm0kd22IAQAAlh2beQmvFTS57rperjspADrJzOjrzxhT7RwE38Is/5tBImRvmow7LMnwZKDYDOSwGJwPZSibboXhVvybxU4/QlPqwM1YFqm/oa5moxCNEXtehxIHUVTDunrFcspYkn1XGQXtePQA3fwqyqrIu/iQvxcUuM0leQuHisT/wMgH2H+e5kGeZX3zckXsowOIRvV94kkykEKcsAKMtCYp+u8MzoSdfzHh4i0sOy9aBAmVtAIE+Vu+UiWeO2qFbrcPMuRkX9ON01xQIIMqtAjTpKy1XilIlsjA8ofDNeh7KQ+ZyWOmYHrTDYfat7jejNIB7UMunvCYLpWFKmHHXBbi4PQ+FH+sOxEb/qGVNVEix/G0njL1~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:28 GMT; Max-Age=31536000; Secure
bm_sz=8EDA0669A8F152684C701874BDCC2649~YAAQjtAXAm4kd22IAQAAlh2beRP4v9CDZXwRzrI5E/nALM9xbNeWI5UD41bSFCIMov7pFN1k8lNbnismxtxCcTb3yU4HGEQqwd2hAuyOFhdOIjhGZdWNX069C4K2WGPL29PxkSomR5HK1fIEWxnoPYQ/+MghXsSq+w8Ggnk1ydrmYx2uxfL3QWaxd0OAuAT8SlEuJdWOyZlFONUKbmQYfdLAX9plSgM3QGVEHf+uWfCeJcPhORm47JFI+vzIy8eT7mKlqB+FsBym8euoxKL0sE03cTCB7GoVXGl8BUsok7I2SsYTmfZm~3622214~4473666; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:28 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3c_kf175_11820-24490

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css

95.101.10.194

200 OK

24 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23979 bytes)
Hash
7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7S0oReNgq%2f2C6pM%2fvVKfyg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css

95.101.10.194

200 OK

39 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
39 kB (39080 bytes)
Hash
1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DCH4uqo%2foQVFmdGMaYVYHw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js

95.101.10.136

200 OK

3.8 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (7626), with no line terminators
Size
3.8 kB (3788 bytes)
Hash
376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20

HTTP Headers

GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Fri, 02 Jun 2023 00:56:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=AHmQ1uAyrDtnnl6kczagSJEA++fLEJv+74bqFvrcbYr%2fAs7fnKS%2fCi04Leha6juo; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

95.101.10.136

200 OK

150 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
150 kB (150453 bytes)
Hash
8c49aada7444fa1b353784d77f50d08f
8ae52b38806a7b35e5651f2550e91870741a974d
9b31ab6c67ded96e11c4f221af96600630a763a420075719485008730662df3a

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 150453
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A6wcm3mIAQAAdHHH4Weu48uAPOlzxJGvsCO1P-e9tL2dC4Gyid3u_ikxCcRAAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|5c634aa25d6e85665d9f89a3261f3d9b25d59589; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=0jUtVQrMKZoildnJDq1BB1uf5XPWCYDCgGm0AVbV2TBf3QCN2h9JzubflUaY5vaj; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1

95.101.10.106

200 OK

45 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sFk+tOuenBhKjdWGwQb1Qw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a%3A0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pv=2&f_cls_s=true

95.101.10.104

200 OK

1.1 kB

URL GET HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a%3A0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pv=2&f_cls_s=true
IP
95.101.10.104:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Size
1.1 kB (1142 bytes)
Hash
e949aad1df6da885ff5f025848250b3b
20ed8981680c234574e4d6c6ffb561c34e5d355e
c0292545cdda71e0afc494475e657886cc610ca3db552d8cd6f5d32f7f1990b6

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a%3A0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1142
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; Secure; SameSite=None;HttpOnly;Secure
_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!9nK9UitjFV1Qd+wq/D2JHXmrrcNtC2XOWOzuj7WpEDCDMWB3U98KxBazuIYs4+7/Bifh7/w9pl493A==; path=/; Httponly; Secure
DCID=ben90RuGHs%2fuZNe20xGI+jm1t+JD2fWJ1H9NZKMSE9VhyzP7hyfqv5+W3sTOdFyU; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388548&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388548&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388548&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=s+Doec70Nz%2fH9hLMpjlooQtO+Ud5AcCw3%2fXkPJl%2fulznjM2VU%2f3aXpwdTMMngxvZ; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3c_kf175_11820-24498

www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/jsLog

163.171.132.220

200 OK

0 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/jsLog
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 166
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-29319048-05e5-4c24-af84-38cf444faeab' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:efb98f3a-6f3a-4f0a-82a6-74b60e56b098; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:efb98f3a-6f3a-4f0a-82a6-74b60e56b098|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=9980C4FBC915B7149C347E73C5069842; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011756291978260402; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:29 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:4; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:4|d:1; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!RbO7wZISGnd2iU8Gl7IZxfIs0wroUQEnYTCorSwUgQjDJu41K+BWGpwSzXEhydK3DcbFRVSnhPoTzRI=; path=/; Httponly; Secure
DCID=ZJL6x7LHFsOBKnoOJONfyMd04YnNGnClPwpRyfZsTFg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
_abck=124B69EF545881D5D10FCDE9912F48BD~-1~YAAQjtAXAn8kd22IAQAABx+beQk9wOCvcJ+tD1x4Oh+Kqr7U3ltS/9OXs+lwnCORFZ/0GPCHhaG4um5hVUvjwCVtzjqerZe7VqgO5TfkMCGjHHnYoaZzKrC/pnb8Vv4iYYS6huBaHi92Tmv8/m7VHzgKPNM8OQaYnseTITbK0QZf4FazObIBNJ1OCA0emUpaJFVy7IwAY0yIRzxjE2ZrIFchgyIK52EIF/JAytNM6j69KOFjeVhoLvw6D447/r/4B2pTouF1SUtFZr1RxwidO+uSW+i0d/8+1TiD34Pjiuf5L/TfftKDPc4s2RixDmKfqYtvyebCWNCUiBvqYtiXym/0Cea2VmN2vOzmLLHvBmUTl38uf5tFw9P3ilivRWM9~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Max-Age=31536000; Secure
bm_sz=3B54F5D0D04C2AA24285DB9646D78C46~YAAQjtAXAoAkd22IAQAABx+beRPbVFIG1uhDdBH+4xy7RJSe0sNxNHFbv027mBxBDIQKQ8zXiDAs9jGENOy6rnsaJudV2rzi6XXi+bHMWIAScPSJ12nnKP89RpgXX9BO4eIa1JbgowJgzFDSWJlZLxzDWD8CwmGSSR6pKCr7oNydOx5IkHNpFT6msA3ZmwSMoA7cpMRrNbBdq5P2YV+CLbwozKMqLxuzK3QH+kLSBZa/OdPuxiibeC63uF2p8zOcBHsCz2RyhH7T8nGptaFah/KLwa/S2HOr6YSz1vilEQaMoE45sWdn~3555896~3621432; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3c_kf175_11820-24499

c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569

95.101.10.106

200 OK

45 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gP5%2fc0albWWQQTyPiZifzA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.132.220

200 OK

967 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Size
967 B (967 bytes)
Hash
fd4188c6a9a586b7a456749b76fc8ca1
ce2783e2f7e6ad1d4ba963dbedaaa3f2a8d94623
f81d2c1e54d8fcc7745f683cc6f91453e71734fb69de07d6ecb16848757b3f78

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-759b00ba-8600-4f1d-bf48-e00a1ed9b604' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0229ffc4-ed7e-40a8-9f71-92a515899a6f; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0229ffc4-ed7e-40a8-9f71-92a515899a6f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:17; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=1F3EDD81D726AF6401CCF61FBECBC9B0; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011756291286622237; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!m5VJj6G4tDyRnCUGl7IZxfIs0wroUfq5Nz4lzDbN+IZAZaHglFPDMQrd9JLa327k0DyTaDaYehyOGIA=; path=/; Httponly; Secure
DCID=%2fcYRWisVE1H5zS9er1bIW%2fI1aE0N8YK4JMjQRHHGGWQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
_abck=F817B7AF1B7D4E7AD74E50DA6249470A~-1~YAAQlNAXAmhPbHaIAQAAHR+beQlF2P67Wbi1P0I0d1C7kpgT77a3MKT27vk5J1w0IwstGYkmuGtkq2NC42fDx1EvUq7/U5aoq91Vh3XKabJhXruB92UesSbEV4/qrFxg3/NGdEpZ4ovtvs/jj5pz92fdROuepR85SuI8El5xDNyPdujJ4J3+PYXRs1ZDlxkDg93psulxlwwunAHAio5peJ1kqR4lpOgG9rRAfh5Yb2ezqsloifxKWkLimKJqCSB2FjvlorgYVFMYmLlW8kVOr8ADxg8YTjcN6zihpPvr/8rIOsN4JgArFw00aGGnCFHVo6n+wpPILGLLT0DbOn78oX7BnCrfzYGFk4CwdYK3pUqVbOgV09pta/RLHN+t3pJp~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Max-Age=31536000; Secure
bm_sz=3D5EB074EDE82165E882D5BA3988A16F~YAAQlNAXAmlPbHaIAQAAHR+beRPyUx+FJIUG50G1BX4R+Sh3N/Wrs7dWkL57euE9FzOqVXhrcpvlk7d6ZhYXOUx3N5Y+cDoP0Rl4fPCSq9BDDU2uOA8mamnv3A8Evsbg+wyAUeFXmZggUjn5pYNhYJ3/dKUrXxll3v4+/b50HaqOBEqplKlYRj9KVFXjuTI7E7njJ4JM/GcabI04rfWjx5rFgQ2aGQ+Jd8qx6zlv556MAlf5QTaKKtgP4Zp82O44zcUIxeHGZ/9IdUcr9AlVEtNP0v7NzV3pZV3NvDkqT2HJAkglAgUZ~3555896~3621432; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_12005-1409

www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.132.220

200 OK

970 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Size
970 B (970 bytes)
Hash
d98f0c86ba33446e123b1718db70f51b
3723b11a176a58f78c9fd9cc466053c342ad4840
e9d594fd65c01c6e192931577b2b4ab0ee00c5c05045f1d3a0d454695e360307

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-a39e3f94-c1d9-4362-95bc-3ac656b5f6c7' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:cfaa494b-3327-42fe-a280-86bc158c7643; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:cfaa494b-3327-42fe-a280-86bc158c7643|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:61; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=EA443376BE5EE3FEF51C62FF2C312684; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011756292139140775; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!NMrnHeebEKvCw/oMntjHYqEj2JIOPHHQsOhIiHo5J/pLOlw2TxfkTDJUzKHW5PIaGLGK4h7ZvwAThzo=; path=/; Httponly; Secure
DCID=qsHwxEYR8RngCGqJkPywBU2g3nnx1AU3Z9rjKj5LNHAEmm%2fmEIIO3pAMqJIVhY4P; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
_abck=627DDDD4593DE81AC54C359A88A6C0A0~-1~YAAQjtAXAoMkd22IAQAAIR+beQnVoC/lRgNFCFsnwavPZlUHzXoCguoQ5IMQANbMhT0XkJXQBHltBCiBbC2JOznFEeCqbl+2cGd7ewtdj1JarjuaSzbYarfi2orZW3hVWXXa65+hKfHRdYv+e1+qZGgoD9OBtpd27Mfdvz1cMDEqVFfnOjgHkV6OQM9k9UFvVnmAwCGWyBWFlRZitM0GiBFHoOlcFer/jlTrzFRIB2zTednJAI8TYKrHqTXM9z2e9AyCiA3umAO8GAUBaQLZON/1SuebuGzUK/+uj9nAlhZGWLPrTAQK+ejF4Lm5mm/4qejOeuSE3Wca0vWUdMur+Nkn+gT9Nv4Q/4h+f/vzZsgzR3kBRCIUAzzQPQ3O6Z2S~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Max-Age=31536000; Secure
bm_sz=FCC5999619BA1C5A88971A264F144024~YAAQjtAXAoQkd22IAQAAIR+beRNbCb7osWjdGtqcMJUtuFD1M/q2AU+7MJR+FrAH38MkrcRqMxCdBdMJFkT2zWpz69UqLVGkHjf+fkuo2oeuUoa6lO+iOr+gHkxblD23WSt0IakLx78TE4jTsn9dpXAl0fn7qL70hDeT8V1mwfk6u0Tr5XSTvzdO2/BUFLxzdGg2oDTwZjrVCXUm2rGntIRw+OXEujFI+myj6MjjQuDR6K4cxjJ/OHaB0S07fK6xTct5bzjRlNnFhE5E9Knu1cHdGxTK5hgNnyt6ztM4x8xY3gjEUfX7~3555896~3621432; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11680-55867

www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.132.220

200 OK

973 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Size
973 B (973 bytes)
Hash
013aa894ddb700ad807798365412515a
f8695d4e0fab0f6eea49e93453d92ad194f853d7
9f6f652076d31b20c30447ee4f56d4241a11a6eee2638daa70ac59fa49c44a01

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 973
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-1f5c6746-2902-4aea-8624-8a48bafc039e' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:29f7dfc8-ce01-4844-9c29-e15a408c294a; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:29f7dfc8-ce01-4844-9c29-e15a408c294a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:51; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=5241FA180C117D795BF104401C118D85; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011756291273000665; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!ivQ9xhKNtEtT1uoMntjHYqEj2JIOPFKm1wCKyJ9qrsDbdZl0vnkR2ZVx9sny2VZ/LcbuycM6K7L+vw0=; path=/; Httponly; Secure
DCID=PKiWudgzjd2IgaoJvcriG1AXVzaogRqrTMWRnjOfWMhvVdCFu0fHGTglwTdExRAq; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
_abck=A86D8E997A14716A7D216BFF5343EBC4~-1~YAAQlNAXAmpPbHaIAQAAIh+beQnAPutbezJ491M8mes4bYWf/2MtDvY5tbF74ONBYubN64WmcTt36BIPslvzfVyJjMSytsdZpnRvHy78VXaY7LDQzTCH9v6wCxPdSM96CyCzjTj/qU8PEOcWbO+TuBiDTN9iyaHDA3UhQ8BFZY2bV2LgZLVZnqyYM5cfntkGNYkN7qU3ri/5sLynI7ZcOlZtRkuoOVfQqhcBDV4t+DbHGGf2/7wlmTqyBLeBFWV4XmTUwv6bSzl7dZbkKZUdKNZ1TZV6VxGYo110SM01KSH/DCboRndMhdtw1d2jguoFnRe2qCjcfgf3h/fSQqUxi+SPfIn9UdFCf0NscvvQjLxdJsL5ZJtqUuWtBaKc9xvN~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Max-Age=31536000; Secure
bm_sz=4B869EC9F8A550F2930D57DE89875D7D~YAAQlNAXAmtPbHaIAQAAIh+beRMKMVlCBOdgWTjt6nL0AMUEnp7Jp7qZZiEJJjkRuIXCR8sbliw83B7z0eClt0+Y0FP3hO3jzEt202UPjNl/zrrT+5UldlJJ9DPGs5FEjziNwkCXwwrhXacwNr+8iur44JQt2erB46eRtmtgxAMDFWPQCAfj1iE/nxCEaK3DfjXMZOMxQiudX6spaDdaCt8RvzwEH0snun8M0W7fY8HzSZVtmZ/sak03FPqQCFNOJ2IJ9kjE7H3X4lMk8XBpEuYk0z+6mPGYZmJXVH5TgK7ygQo3d+G2~3555896~3621432; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11685-8079

c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153

95.101.10.106

200 OK

45 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=moqpqOlCGW20X8MIQUzU8Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

95.101.10.152

200 OK

16 kB

URL GET HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
95.101.10.152:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=B1yAMvINWOIEhnG8fjc8Mg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.132.220

200 OK

967 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2436), with no line terminators
Size
967 B (967 bytes)
Hash
06fbc709598005391800d0a057524264
35fb86b964cfa86d82c3422b7ab6f949fc706a17
c0ace09225d79a95106817d975d5286a11e9a9cfb80a87ea7dc1ff61d81bdc92

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-d17f4f74-735e-40b9-a573-7c67f99b82b8' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1d3538d4-4a7b-4257-a9bb-d7ee7a3794c6; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1d3538d4-4a7b-4257-a9bb-d7ee7a3794c6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:19; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=9CBB55644A32C02D38EA12C0CF19ED8B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011756291952259711; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:56:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!Wz30DVfMlUlAnvUGl7IZxfIs0wroUXoaFnashh3IojSZndayYgeX/LaqnHsUU50i7SiEbumGdHtX8U0=; path=/; Httponly; Secure
DCID=uXUS+0LmNEpE%2fixq2hXbHi6oKYFW%2fFenUNA9cBoJTFE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
_abck=0CA3FE6831FCCA2019BD1515BB4503E4~-1~YAAQjtAXAowkd22IAQAAhx+beQkl0hvKMnGp0KzLHUBXuxTwQHintUpJrcKyvmtWL94Q/1TGYb1zDY2/1YIfcwePDKDz7ZuFNdX0qNClwDrVtrmNZc/e/sQrph9nr1aALozCqYINTMVotKtc/szrSH13OGxP+ezO/JOuG40Rr/ch9ioJIUjFxzTpyTLiYGZUvSK79rcdOAQNECAqe5WS7vs8y4G6ThbMLo9kZ8Bs4h1snEhRV4sxjXreZWk71qRLkOU5xLAyOCitFyJ4jM1AXssS1plwNOstkW1TTDpFuN3iupclB20s3JgvoUcSNZG2TyWFwE3WQLaYMhgvDHQaUtXzw3b2lMjTR/Z3nDw9pPLRxbeAVBfJODV0Fod+/62g~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Max-Age=31536000; Secure
bm_sz=6DA686CC6935AE15B69934626ECBF326~YAAQjtAXAo0kd22IAQAAhx+beRO9TopI/4VWVVc7yy08HUD0Wfj4vF0FrIREUi9BQ20CvUnBcGO49VpNOht8eDRd7m1Q9TQ11MOWj5koD74ExyQydh66uX1rwXojmiuOvbGrfSpReOStt0QXn46/oENFLVLuGyFOEDqcpsH3tquS9z2H76e0JGxU8rISe8wU/L50yRTfydxY5nbfmDYfGFS0Gh7vqalDddstFzWiyP4mM/7yN5CJ6Fby4LOT88kvrSL8zg0J6zwdLSWrMb5qdsG5sGv1OsQYw8IMa6+zsRexqH7vHgTy~3555896~3621432; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11727-37668

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388599&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388599&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388599&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=7UosPZLU8YbNHVfgwjRT9Gwev+GNEzoqQQEtxivp+10%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11820-24503

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388605&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388605&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388605&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BkfGKxLbLDpP6EUTM%2fKceoiN1fx5jrRUDRUGNUSSv0VpbQe3GNC6JwxAV94D%2fb6s; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_12005-1413

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388611&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388611&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388611&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=0+x2+6HEdZDZgEKSzzIioJCd9WANa1oqD3BnRHYYMbGlJKWnwf7QbKsG%2f9ZGKwth; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11680-55869

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388616&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388616&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388616&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Mpl9uz9Rojt4ZEjE6cxQ1CR+5Yn4iTYX8n88c7d0UTT5nZ%2f%2figahPaQazJrXnF7U; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11685-8087

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388619&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388619&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388619&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=YH6nUHahGvfORG%2fzX9gkkjM%2f35VuhwCwxmlJ8GqHHiw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11727-37673

c1.wfinterface.com/tracking/ga/ga.js

95.101.10.106

200 OK

20 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/ga.js
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ms3i%2fT7v5JTloxCf4jgx1w%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.9550013922430205

95.101.10.194

200 OK

52 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.9550013922430205
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
52 kB (52538 bytes)
Hash
5e5cbaa8a4e69c06dd507a1979246b33
23d12368c9e81b081d2e0356228397108d521358
382b57b066203b9b294a6900216587c7f4e7a91ca215e00c51c9bb25e8d56dec

HTTP Headers

GET /PIDO/pic.js?r=0.9550013922430205 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 52538
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=aa%2fEl2z4a4yBZZgkiBLu3QLrrC5RUVBElIZCvQilN08Pu6mWEvmz1CLDFaGq0dL0; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388589&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388589&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388589&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=133dhmllKGoipcKyK+a7n2zW8dktUw4W7V54BVnG0eKrvZSoBuGgW4rCYimti3QY; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11820-24502

c1.wfinterface.com/tracking/ga/ga_conversion_async.js

95.101.10.106

200 OK

14 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=5tV4NLn5GE1Np72dAKSEgw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388623&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388623&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388623&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ROOgEM%2fOfQU1J3Sdh9K9QWz83CQr00GGtNkL7Q%2fZTp4%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11820-24507

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388626&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388626&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388626&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=UfKudiVSmFFUQ5Gpq7yN2Cm8IHEki%2fsQN1LPq7rLiHFZYkA7eTWgeDdAmogmnVV+; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_12005-1417

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388630&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388630&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388630&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Yb50OFxy7qrz+B1HKwzJdFUpXylKVDmdQN6DF2UdzHNT3wWImeUlXqDKmNAWBcxf; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11680-55877

c1.wfinterface.com/tracking/ga/ec.js

95.101.10.106

200 OK

1.3 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/ga/ec.js
IP
95.101.10.106:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=PnvEn6e0MebNWyeiLCw8Uw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/AIDO/glu.js

95.101.10.136

200 OK

37 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37163 bytes)
Hash
de837a36e16f0637c315f53879473ad5
edb434f283c5ca54f255e07ec058370325db26c8
949fce6d60f4e9040aedf847a80d9b94fbe6a5200914967743a48ba6d9e2b33a

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37163
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ybqQrzvaFl6DeB1L5XUfUkRUY3nHZI2RKdxjHE9KMG4iUWL2%2fY55O9zWGPBpuHxC; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388636&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388636&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388636&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=bUMpqcvZ6Tj7RygR8VDf7JbJjdABUmwguzg6NxJAmgoqoU%2f1EaL%2faWqR2z3jQXzt; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11727-37675

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388634&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388634&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388634&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=UPx95lF+%2f%2fbHZ50LCpmL7+%2fjfMxg9LpiQKjOKSSGrkE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11685-8090

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=1&cfg&pv=2&aid=

95.101.10.104

200 OK

1.1 kB

URL POST HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=1&cfg&pv=2&aid=
IP
95.101.10.104:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Size
1.1 kB (1142 bytes)
Hash
e949aad1df6da885ff5f025848250b3b
20ed8981680c234574e4d6c6ffb561c34e5d355e
c0292545cdda71e0afc494475e657886cc610ca3db552d8cd6f5d32f7f1990b6

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4203
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1142
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!wBfinNlZjPa7h8R54TfMmyz5FQ342aUjmjjQgV3IPR3weaqViCSXW5w9F9N5mkrJ1XP2VszWfRygXKI=; path=/; Httponly; Secure
DCID=vkf5EBPizFyhDEdYZ5Q%2fTxtfxbX6Bi%2f9lWs5hGm18WA%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

95.101.10.136

200 OK

607 B

URL GET HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=OCrA9mKHQozkRMVE3endtW5eKNt6ziW890wecbF4KYDKRAaahTaXkOecVWxMvCH7; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388638&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32

163.171.132.220

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388638&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F&cb=1685667388638&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; ADRUM_BTa=R:27|g:f47c4d3d-1bed-470e-91ab-a079573b6742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:56:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=0A+3BayplebrmXJd0slaUeOOhGs66fiOYn2wOxvfbts%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3d_kf175_11820-24512

ort.wellsfargo.com/securereporting/reporting/v1/csp

95.101.10.185

0 B

URL
ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
95.101.10.185:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: f870e9ea-fc09-4eae-46cf-c6aaf0a27503
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:bab15ce2-d482-497c-a600-093a7a9116ad; Max-Age=30; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:bab15ce2-d482-497c-a600-093a7a9116ad|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:6; Max-Age=30; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:6|d:6; Max-Age=30; Expires=Fri, 02 Jun 2023 00:56:59 GMT; Path=/; Secure
DCID=llO8bZpLF9qfnyv2uzSvD8CJINJsXfsOanNAvgcd7fM%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
_abck=0CA9468EB2A45EFE0A0BD6AE190A2DF2~-1~YAAQtQplX7rWsHiIAQAA+SGbeQnVZjYui8W2fSrKxZEjs563cTGEMck2cG7SNR24DfxjzAKlNmu690N+F0Yzr1V0x3ITVLjbYaxXhc9SYKZapU+1aqjqw9AWWLK9Dup1zQNEbHVniw9g+hyw5PPP+1kQbU3zjPrQcZT6WnljWmBy5t05IyAlZeuSYBOpdPNTpAFTkOG+Zm+/ESuf6PUCXvzoI6Ohfu0tR3KXXtiKZ41BwGjWgYHEmTYs1Ez84b5wwVl2VgoDg6u2MYf81vyIzTyrI+QTUelf6DBeBU4e4SQ93KpQolnPPKOaV2bhWRJMtkQWC/jv8+eOQYWr+RtS5ePN6Yo+UlCCLo014BPlYw8mktrnnFjywhODryp/f9ju~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:29 GMT; Max-Age=31536000; Secure
bm_sz=74D11EE30E9E4A5FE452825EACD3739A~YAAQtQplX7vWsHiIAQAA+SGbeROmnGy0l0kkOTB0y9QgDQLaf82qBxveCQUKjTAodcsoeSKWD94hYf6QqteEEThQHEVpvr9jP1fwHw3oIoiCfMkl04XS5O3dws9vwzkgcs8HokCzjjyhSlPl92+/GKHSuzeY3OlGlYRq0zJQLrhup8wPcKnVWwnoYwj00VzMONrv6AcT0MUMm9+6m5eyopKyMFKp6NAPU+/f6BBHoUYeRvTuhdTa9ydrh84L58jc7XwHYR4j9d1DqxDBipWa/1moafaRyytGhj200PeW1a28g6ypLyFg~3621953~3748912; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBITjhVL3ZKME05dXgvQmJnMkR6T1VCNG9Jb1dHTkNQa2tFeEd6cUIxMFZySmUxRVRxNUMyZWxISUxrdTk2UW1GZUZPbGt6UExWb09lOW1zTzFpaHRrdm81OFBqSHdlVEh3M29wbk15bldaRkk5NHBVai9xVWdwZ3R5alJDL1VxL1NTME5oQUxrNGpKUStVOHB4c2o3dDhQbE9oNWF3OFNIR0p0enhxYzJBRC9VdmNCendCVGF5emw2dTQ5L2VQaEQraFU4emVzUzZyUHA1aitRY1RDbzJTeWRrVFZjTzdVTHNVZTVaWXlhWlpMM1M4L1d3eXp1Z21ZTXRSZDJ4ZXNnOW5GSis0L3VaSEV5VHRHL2VBUDl2Z0pVVEJYQnkxaFg4ajZhaUlVPXw2OGQxOWE0ZmRmZTEzNDczNzlmZGMzNWU0NDY4MWM1NTRiZGY1MDgxNWNiMzEyZWI2YjIyZmIwZTg4MWQwNTViNzZjZmE4MDU4ODBlNGQ4NmY2N2VmNzNkMGEyNGJiZjhjYzFlYmZmYThjYWU0MTRiZjdjYTI5MDA1NDg1MWYyZDExNjljZDYzYzVmODM2Y2ZiNWVjMWY3Mzk5MzZhOWU4ZjkzNzU2ZjYzYTg3ZmViNmUzYzBjZDVlNGFmYTZjMTZhNjUwZmEzMjY5YWIzY2I2NzIxYThlNjdiODQ3ZWMzMDU0ZTFmZDVlOTFjN2M1YmY4YTg3ZDYyZGUyOTk4MGU1ZmMyZjM5Y2VlNTM4N2YwNDY2NmExZTA5NWJiNzRiMzA2MTllYWY3ZjFmN2EwYmU0YjM2ZTdhOWY4MjliMmQwZmE3N2FlMzZkMjM1ZTcwZDgwNjYyNzg4Nzk1ZDA3ODU1YTQwNjcyOGE1ODM3NmQ3ZTZhNWZiMzZjOWYwNGRkZjBlOTJmZmUyMGQzNjI1YmI2ZjQ1OWYxNWQ1N2U3NGYyNDdkNzZkZGE4YzdhMTJmNTZlYThiZmFhOTMyMzBjMDNiMTcyYTE1MjFkMGNjMWI2NWQ2MjViZjhhZmU0OTEwY2VkYmY0MWYxODBjZTVkZTQ4OTY4ZmQ0MzE4N2M0M2IwOHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com&t=jsonp&c=mbamghnntnlbhrlg&eu=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F

95.101.10.136

200 OK

90 B

URL GET HTTP/1.1
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBITjhVL3ZKME05dXgvQmJnMkR6T1VCNG9Jb1dHTkNQa2tFeEd6cUIxMFZySmUxRVRxNUMyZWxISUxrdTk2UW1GZUZPbGt6UExWb09lOW1zTzFpaHRrdm81OFBqSHdlVEh3M29wbk15bldaRkk5NHBVai9xVWdwZ3R5alJDL1VxL1NTME5oQUxrNGpKUStVOHB4c2o3dDhQbE9oNWF3OFNIR0p0enhxYzJBRC9VdmNCendCVGF5emw2dTQ5L2VQaEQraFU4emVzUzZyUHA1aitRY1RDbzJTeWRrVFZjTzdVTHNVZTVaWXlhWlpMM1M4L1d3eXp1Z21ZTXRSZDJ4ZXNnOW5GSis0L3VaSEV5VHRHL2VBUDl2Z0pVVEJYQnkxaFg4ajZhaUlVPXw2OGQxOWE0ZmRmZTEzNDczNzlmZGMzNWU0NDY4MWM1NTRiZGY1MDgxNWNiMzEyZWI2YjIyZmIwZTg4MWQwNTViNzZjZmE4MDU4ODBlNGQ4NmY2N2VmNzNkMGEyNGJiZjhjYzFlYmZmYThjYWU0MTRiZjdjYTI5MDA1NDg1MWYyZDExNjljZDYzYzVmODM2Y2ZiNWVjMWY3Mzk5MzZhOWU4ZjkzNzU2ZjYzYTg3ZmViNmUzYzBjZDVlNGFmYTZjMTZhNjUwZmEzMjY5YWIzY2I2NzIxYThlNjdiODQ3ZWMzMDU0ZTFmZDVlOTFjN2M1YmY4YTg3ZDYyZGUyOTk4MGU1ZmMyZjM5Y2VlNTM4N2YwNDY2NmExZTA5NWJiNzRiMzA2MTllYWY3ZjFmN2EwYmU0YjM2ZTdhOWY4MjliMmQwZmE3N2FlMzZkMjM1ZTcwZDgwNjYyNzg4Nzk1ZDA3ODU1YTQwNjcyOGE1ODM3NmQ3ZTZhNWZiMzZjOWYwNGRkZjBlOTJmZmUyMGQzNjI1YmI2ZjQ1OWYxNWQ1N2U3NGYyNDdkNzZkZGE4YzdhMTJmNTZlYThiZmFhOTMyMzBjMDNiMTcyYTE1MjFkMGNjMWI2NWQ2MjViZjhhZmU0OTEwY2VkYmY0MWYxODBjZTVkZTQ4OTY4ZmQ0MzE4N2M0M2IwOHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com&t=jsonp&c=mbamghnntnlbhrlg&eu=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
90 B (90 bytes)
Hash
378186479856e9d83db48019d8e82391
25a029ce0010a5ac946e52aef62d2515ab13e84f
6a510c9bd56f9e3b83c168d9096c5c629f46c2a096d8547159fafa31cb32cd24

HTTP Headers

GET /AIDO/vyHb?d=ZW5jZEBITjhVL3ZKME05dXgvQmJnMkR6T1VCNG9Jb1dHTkNQa2tFeEd6cUIxMFZySmUxRVRxNUMyZWxISUxrdTk2UW1GZUZPbGt6UExWb09lOW1zTzFpaHRrdm81OFBqSHdlVEh3M29wbk15bldaRkk5NHBVai9xVWdwZ3R5alJDL1VxL1NTME5oQUxrNGpKUStVOHB4c2o3dDhQbE9oNWF3OFNIR0p0enhxYzJBRC9VdmNCendCVGF5emw2dTQ5L2VQaEQraFU4emVzUzZyUHA1aitRY1RDbzJTeWRrVFZjTzdVTHNVZTVaWXlhWlpMM1M4L1d3eXp1Z21ZTXRSZDJ4ZXNnOW5GSis0L3VaSEV5VHRHL2VBUDl2Z0pVVEJYQnkxaFg4ajZhaUlVPXw2OGQxOWE0ZmRmZTEzNDczNzlmZGMzNWU0NDY4MWM1NTRiZGY1MDgxNWNiMzEyZWI2YjIyZmIwZTg4MWQwNTViNzZjZmE4MDU4ODBlNGQ4NmY2N2VmNzNkMGEyNGJiZjhjYzFlYmZmYThjYWU0MTRiZjdjYTI5MDA1NDg1MWYyZDExNjljZDYzYzVmODM2Y2ZiNWVjMWY3Mzk5MzZhOWU4ZjkzNzU2ZjYzYTg3ZmViNmUzYzBjZDVlNGFmYTZjMTZhNjUwZmEzMjY5YWIzY2I2NzIxYThlNjdiODQ3ZWMzMDU0ZTFmZDVlOTFjN2M1YmY4YTg3ZDYyZGUyOTk4MGU1ZmMyZjM5Y2VlNTM4N2YwNDY2NmExZTA5NWJiNzRiMzA2MTllYWY3ZjFmN2EwYmU0YjM2ZTdhOWY4MjliMmQwZmE3N2FlMzZkMjM1ZTcwZDgwNjYyNzg4Nzk1ZDA3ODU1YTQwNjcyOGE1ODM3NmQ3ZTZhNWZiMzZjOWYwNGRkZjBlOTJmZmUyMGQzNjI1YmI2ZjQ1OWYxNWQ1N2U3NGYyNDdkNzZkZGE4YzdhMTJmNTZlYThiZmFhOTMyMzBjMDNiMTcyYTE1MjFkMGNjMWI2NWQ2MjViZjhhZmU0OTEwY2VkYmY0MWYxODBjZTVkZTQ4OTY4ZmQ0MzE4N2M0M2IwOHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com&t=jsonp&c=mbamghnntnlbhrlg&eu=https%3A%2F%2Fwww--wellsfargo--com--g449329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 00:56:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=iGzb8mHfOc9DxBK0FkfRcEVZcnYKyZwmj6DMKqICmn4at%2fOMfT5D%2fK4+eAwB6cey; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:30 GMT;Httponly; Secure
_abck=CB42CF4582D4076EE31729FD011137E6~-1~YAAQhAplXxoADm2IAQAAKCObeQk/gy64VNHVKtOsPuzcLBMyX3NAh6LfkTu7/pYUM+wNpOs+DeXqvIjB9CPBUY1Hy0UBv6vO97SjIOePWWzhqW/lXaLHcZvVBI7esg/g5gd3p4LSs01wYa/TuszfhNUGKkSYKX1BklLy06yX64kSamY1MmZUnesDfTF4gJma6XRblFC3Cjs5YCSR32zRHdtmjR1amWS45pDlxUA0WtalhgcI8DxHc6gmxDzjgeFRTzfrcSOmljlSa0TOhjEBOyWT4JCoeKuGpbFxb4E+hBjmdqosL+YTD5sAOVn+usAp/aehD6NTO0YGyQ7NtUt7izVtIupD+f8tN8Wv0HagBpEecStOJBbOzenUSIHG5PEa~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:30 GMT; Max-Age=31536000; Secure
bm_sz=6B11F26D58D5FF84A988665089D0C126~YAAQhAplXxsADm2IAQAAKCObeRNpMb0vVUw7x7oyrwA4KFEM6r5Xo1gj82CQxzNOIBdyTPP7Q2sX9JoeB9droogvdKlnQ6GXjyFqHl2IaU45qFG5p3FSPMsRX/U3T0nblTn6E9zB4TKg4dCleCyUheMU1rM/dHq6FRquDsmVgUO1/IihQtnudn/cIECEpnpSMU4DiaLsdzEG9u6w860NKCUM+Olvrg8hl2dZZdahRfjjMWWsj5Lr2Hd7sakpZJTNdeVtnvZbiY4NiqiV25dPEzxqpdre3bWoY0a0jad6vyOBMQpLotW8~3356215~3163191; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:29 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5562921853485782

95.101.10.194

200 OK

136 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5562921853485782
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (136477 bytes)
Hash
44fa8ecdca87de161267967c5527ae64
53bef5271074fc6e84245f9b91cee3b221d705b2
8dea7df38a8a848c969cfbe829e170b51cca58f06588ba31a7e1d9a00dd57ffe

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.5562921853485782 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136477
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:56:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=QG7HSaIo4TBZyG0KEzdGDpeMF7xO+qJlt6qG28Lw0bnyCnBLvQ0BXfVAdCSdHiPQ; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/jenny/nd

95.101.10.194

200 OK

18 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/jenny/nd
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (2293)
Size
18 kB (17970 bytes)
Hash
fd84add9ed27b6aa5d0cddb1be1d07cf
07d7f552e82c7b83c71b16358b7efb063d78cb5d
9c654e7372a81694d6ef749266dc5a5297433a6a8eb57e1aef8f7735720db0f7

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17970
Date: Fri, 02 Jun 2023 00:56:30 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:d710d55b-5eb9-44e6-8112-3649c8aa10e7; Expires=Fri, 02 Jun 2023 00:57:00 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:d710d55b-5eb9-44e6-8112-3649c8aa10e7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:57:00 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 02 Jun 2023 00:57:00 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Fri, 02 Jun 2023 00:57:00 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Fri, 02 Jun 2023 00:57:00 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=KhetXAY2V7I0FxNG3VrXL0gWVNQG5cwq1JCGZ1dvQjE%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:30 GMT;Httponly; Secure
_abck=1F1F90CAEFD655C57A6346AFF90BDD7B~-1~YAAQvgplX4+UCGuIAQAA2SWbeQktFQRkFE1EUnBwN8hiOiwuOeQqZu+Iw2jtLRpkgiF3ob0v2UYTbFQgjYjsUIkwLJuqQKdiiIByvh+vICEXOrN2PfC9aE71KVY+glkXg8f4dENRPQ8QNYykW1dTl0WjyoqtwwOk1lU1Y5puYP7yCHgTnNW8wav2WYyiEX1omuvvMvctQ3J4Sge+JYUEU7lPk8gCu19fm2sT8Zmf9lHgt1Mmc75oLL4QFagnTSfHdJtO2OxLkDGL8KJi+Q/UVIXTSMAePdlWe8JanIF5Md4BT1PsRaGP92rCjKaVYQ0UbwdPMnsyvRmPa6CRW3sn6IDgplKJzLJHV0TDKXZ0BTpWD2Lzxj8MdyHf27a3rMg+~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:30 GMT; Max-Age=31536000; Secure
bm_sz=603360B1BB7B89AE58C63AF97F9C03D0~YAAQvgplX5CUCGuIAQAA2iWbeRMMEpeb46h4CRQesth1GkCxRBSpob6lHPV1o8M5HNLXNxYny5sIjji7zrR1jNFAVKb34PjiYwRZIRMDBsYaYVqgtY+cZg0Ltl3xycuR6CByfCRx0AMBBWKv2YAonvB0zwr4o1+F5y5OxNgaH1hHZUCcWI+XdFgniw5xLDxGgVA+Bsu68lgTGm4VMHOf6O7Kyd5sQuHxdUZT/qKTv+9IBcRw/6XpW/DFPeXTtoSGjIyKV2Hsgar5+0j4nFv98esamBD6hFRKYcQo+8SeO33VeBmpD5ry~4407602~4404536; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.132.220

200 OK

134 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
85aa218a18915fe13f69ee8e84b9099e
f15b832aa001f4e4a56aac5fb5e151389a7f060b
5ed424d78d65049ceb92e0f39132dfa2da339ffd9e746bb3baabb8b021908775

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2044
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%2C%22c%22%3A%22aWJvTTV3MmpPS0hZTU5CSg%3D%3DUA_Vxx7a7iCAOUIMgjyNq5l6Gxbuva1o7alXJhUXyVjlkH-DQcDl7ILw9xEtJDwMte2XavctoSW6D9-7kd-b5VURDTSR2xi4iiQ%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0; ISD_WCM_COOKIE=!Wz30DVfMlUlAnvUGl7IZxfIs0wroUXoaFnashh3IojSZndayYgeX/LaqnHsUU50i7SiEbumGdHtX8U0=; ADRUM_BTa=R:27|g:1d3538d4-4a7b-4257-a9bb-d7ee7a3794c6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:19; _gcl_au=1.1.1242268935.1685667389; _ga=GA1.2.2057671245.1685667389; _gid=GA1.2.840926131.1685667389; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiXC9sa2RPWk1kUENNN211bGJoRit3Q2c9PSIsImUiOiJaYWdkU1ZqZlVQRlpidTlqNnR5aGszU2ZUSmxzM1JCbWhtZVNvRFdaWFZ0ZUxqbzFoOFpPdE5sOWZ5eXkyR0lkOFY3R3prdG56WWdkZmhYdlJjOWFIc0Z1aXhyWmZOXC9EZ0xSeDgzWHhnYVlZeVwvSWlmTXVaZGRmNkxTTXdzVkpuOXlUdEpTUGJRWTBTYjlIWHhUNjhcL0E9PSJ9.a21e264e28f0904a.YzY5ZDFiYTMwYTM4OGQzZjBlNDc5YjQzOTk0NDk0ZjA2N2IxY2FjYTI5NTY2MGJjZDE0ZjdmOTM5OTJmZDY4Yg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RyH4pXCcjkYdeiyTRqOBbILzauh9v5pEmIRL%2f9u749+5eYzSJsOzAQyc1NeQa%2fta; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:31 GMT;Httponly; Secure
_abck=900E5615295D1AE9C91B81EF2D84F316~-1~YAAQlNAXAnRPbHaIAQAARiebeQkswmnlegNqyg35yJV2IUbxgpmBub7rjBlAi3OKV1P8soy/G/wpLsrUdMriIeRg6CoQVmCKJ0WxWKgzQSBLf1sK2URln1ZwT9kHsRDCe4HZU6w4VhUFPfATcoNg/496KKcrrVkkwmtPwUMDVJYn0M91uIhaGow/hNTVXWKYkztvzQWz0sMmpzUnNh4SiZec0OseoCVg7NVhluJRGwLrJyWIMr54/ppgM6n5BJaUiLdpbukY31bbFhri7m230tR0ypE2fuXrgK+1x/iYAp+qGTrhIPIVDgfjQRscskJ+cFWEyNrDUpo7O1Ecpw5JJRJ0hdFtZWGtWlrxnORCpZeJoiuGH7hdwNcwjGXHXYnH~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:31 GMT; Max-Age=31536000; Secure
bm_sz=03E4ACBDDF0E9710438897EB38B2CD32~YAAQlNAXAnVPbHaIAQAARiebeRPvhTu5y6oxEmBwvm00WXW5dRjPN2cyVmQlNes3QsmYwmqcRyiXVqki9X9jOyrnrdSV9tJAQiuufEvuj5psm638Gx4ey+QzWDbM5G+Y/hcHsx/MuBucx36VIwMbJU2clqtXk43l7PtZFh/+zP1+hF4lwCc1TTPq/wh1EHdEqL2Q9j3nxy425dpCho6ix3Bd6jtsLdsmV/Z0UBr2//3IBq119Pwib2cZqA7WJj9ZhcdHEQw0oXwLxl6VDSAWIWt3xNViVed7m/T2m2I4xPO8LtbkyecW~3163443~4273732; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:31 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3f_kf175_11820-24543

www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.132.220

200 OK

265 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
55a035b7af1c6426854e4734ea4eb0ab
0a693e15e07bf858683d1261ec6efd16a4e53113
6b474848a39da04381aadb2f696fdb6062373d6ba315c405020084882ae15599

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 648
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6%22%2C%22c%22%3A%22aWJvTTV3MmpPS0hZTU5CSg%3D%3DUA_Vxx7a7iCAOUIMgjyNq5l6Gxbuva1o7alXJhUXyVjlkH-DQcDl7ILw9xEtJDwMte2XavctoSW6D9-7kd-b5VURDTSR2xi4iiQ%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0; ISD_WCM_COOKIE=!Wz30DVfMlUlAnvUGl7IZxfIs0wroUXoaFnashh3IojSZndayYgeX/LaqnHsUU50i7SiEbumGdHtX8U0=; ADRUM_BTa=R:27|g:1d3538d4-4a7b-4257-a9bb-d7ee7a3794c6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:19; _gcl_au=1.1.1242268935.1685667389; _ga=GA1.2.2057671245.1685667389; _gid=GA1.2.840926131.1685667389; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiXC9sa2RPWk1kUENNN211bGJoRit3Q2c9PSIsImUiOiJaYWdkU1ZqZlVQRlpidTlqNnR5aGszU2ZUSmxzM1JCbWhtZVNvRFdaWFZ0ZUxqbzFoOFpPdE5sOWZ5eXkyR0lkOFY3R3prdG56WWdkZmhYdlJjOWFIc0Z1aXhyWmZOXC9EZ0xSeDgzWHhnYVlZeVwvSWlmTXVaZGRmNkxTTXdzVkpuOXlUdEpTUGJRWTBTYjlIWHhUNjhcL0E9PSJ9.a21e264e28f0904a.YzY5ZDFiYTMwYTM4OGQzZjBlNDc5YjQzOTk0NDk0ZjA2N2IxY2FjYTI5NTY2MGJjZDE0ZjdmOTM5OTJmZDY4Yg%3D%3D; ndsid=ndsauhi2vfjumkiliduuazd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:31 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=EXIOegJsOERlEwMVf1FnX995eVGdgV9c+JbNm7fTX8KrtnSsQt2COaS0MbKucXGj; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:31 GMT;Httponly; Secure
_abck=5116E899AFD18DD0FFF9DAB86E5AEF22~-1~YAAQjtAXAvokd22IAQAAmSibeQnZPS5jR5tI19Fa1kqqDkiuVk3LY/CsEhmUp7rp8Dp/dq55PBF1kHnDVM8LJ+Mr0YyXBkHj9KHx9Yk3KY/lBOnV/LgZHm0wFv1CSP0+m1xqm9k3Wst+gkMGKzNfXGG65EIvL8k7i5PRgA5Im29jVN4hP1XszKRA+C3kFnC6bvhJEtx4m457EySqC/INDa9uBqZBIboRJ2rA1ki81OXd8R7INUlsMc3FMwcsC6pxGVGOyx4fDFwrBiBzsPpCNQS7dHZCzseOpMvhkKg9e91f3EYPNLRo2QmXInjExhfr9zeztVvAbYae9e9MH9NUvFECFgFhJVDaixYL+CHMmRwIJ9V56bB2CJIq8alv8jBk~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:31 GMT; Max-Age=31536000; Secure
bm_sz=610922FE73882FA80EE736E2A4327754~YAAQjtAXAvskd22IAQAAmSibeRPpT9DjYg2JwHmOKgYCHie3y7EbicYlLV/H31gkXpT7EWwL5HNoBwcXm/+X4+75qRlsAt0AFbLeh1gZzPn/ltEH7qgT6lorF6T+hNI/XwLqmR0LhStS/xid1Mrjkp39xe8vWcwV5r65VI0RsGGdnQJcNKUO4lN5s/SuQT+QSdzBRwGC2xp51UwLwnXiPaLKIOTxFuQUjd5LBsHLCwepZMxgE+WjYuhP6DJ2nCSDJeWD+GYnPEVwzQVA43RgVBAr38SvRRW6wfLQVBbB+STrHbmWgNWq~3163443~4273732; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:31 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e3f_kf175_11820-24545

www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x

163.171.132.220

200 OK

0 B

URL POST HTTP/1.1
www--wellsfargo--com--g449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP
163.171.132.220:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--g449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!mBrHDe/AJyVnZx1nfhFjdbQk89Ydzg6KcZMmzmgA2irTJclOePEBVYlAaAyM/dY3BCPWt2Z0N1qMb4g=; utag_main=v_id:0188799b18020014e8502e9d3c4d05046003700900918$_sn:1$_se:2$_ss:0$_st:1685669188338$ses_id:1685667387395%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTY5fKMb6hbF8CmqoxevqNh5DdaK3RyB8AlMoE2ko%2FE%3D%22%2C%22_s%22%3A%22RhtGcYt6yCrPXVyWkXoKmX7%2B%22%2C%22c%22%3A%22aWJvTTV3MmpPS0hZTU5CSg%3D%3DUA_Vxx7a7iCAOUIMgjyNq5l6Gxbuva1o7alXJhUXyVjlkH-DQcDl7ILw9xEtJDwMte2XavctoSW6D9-7kd-b5VURDTSR2xi4iiQ%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_fr%22%3A20000%2C%22diA%22%3A%22AT8%2BeWQAAAAAUf9Hjq5slgQGf%2BxzhRDI%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22fr%22%3A%22hW8bR38RmKMP6lu7TVuNbg%3D%3DSVRoGLOOYJNc3-kGPDjl5MmLX3WFeGyL6QvRurDjaurIy7sfU8VpDIksG0AmSlvdSFrQPydwIGJWm-L1XTr3WreNoMOiytfuorRH9JLHtCc2St6FEZIt1HyU07E3SCXkX_A2S1XSlBpuvJUe08SzuksEDw_IaJxuw12SFCmdOPAWHZSyZNlBsNF0%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAveY7Riu3HkH90g%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C79042662669807241127214594726795526491%7CMCOPTOUT-1685674588s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0; ISD_WCM_COOKIE=!Wz30DVfMlUlAnvUGl7IZxfIs0wroUXoaFnashh3IojSZndayYgeX/LaqnHsUU50i7SiEbumGdHtX8U0=; ADRUM_BTa=R:27|g:1d3538d4-4a7b-4257-a9bb-d7ee7a3794c6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:19; _gcl_au=1.1.1242268935.1685667389; _ga=GA1.2.2057671245.1685667389; _gid=GA1.2.840926131.1685667389; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiXC9sa2RPWk1kUENNN211bGJoRit3Q2c9PSIsImUiOiJaYWdkU1ZqZlVQRlpidTlqNnR5aGszU2ZUSmxzM1JCbWhtZVNvRFdaWFZ0ZUxqbzFoOFpPdE5sOWZ5eXkyR0lkOFY3R3prdG56WWdkZmhYdlJjOWFIc0Z1aXhyWmZOXC9EZ0xSeDgzWHhnYVlZeVwvSWlmTXVaZGRmNkxTTXdzVkpuOXlUdEpTUGJRWTBTYjlIWHhUNjhcL0E9PSJ9.a21e264e28f0904a.YzY5ZDFiYTMwYTM4OGQzZjBlNDc5YjQzOTk0NDk0ZjA2N2IxY2FjYTI5NTY2MGJjZDE0ZjdmOTM5OTJmZDY4Yg%3D%3D; ndsid=ndsauhi2vfjumkiliduuazd; _imp_di_pc_=AT8%2BeWQAAAAAUf9Hjq5slgQGf%2BxzhRDI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:56:38 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Vh4Ebh6sY2wkCMLGCqxhU7KTZbDe+NbN9S%2fMBp5J42M%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:38 GMT;Httponly; Secure
_abck=60D3AABDB946573F4DD8A6DE6A72D84F~-1~YAAQjtAXAucld22IAQAABEObeQmGGB56AQek1b6CzHkJx0wv8KrH8UXh52A/mZGeJfLkgM6oDIeT65JiOrttq7muh9qjDW5L05mU8CsUTxcbe1AM9HHjSULGaq/UknsS/6V8OtZUfH64Sz3SZurZRjVUDdhYCyxtwQO3dFJDYlLZp79RUyGXzdWr5oB/EKo+FUIkzzN3dQUxO6J9BK/w8HDz87mYdBSbsEY6tkHO718N4w6oJsXQjbZ3o+wKF6c9NNySXR1SpM6Zx9PMsL9VY7p9HjABPsGeVi4Mpej/hEi38Yq+OqUCf2+s8pmPEd4DacHjHM9z9TRMP7PBJnBpQiz0jG8uqYwSdNhvAYZJrAUK7xzJXh59CaypLVP2s7zo~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:56:38 GMT; Max-Age=31536000; Secure
bm_sz=ADB8889E3999D79762A7C9D4DF175BD0~YAAQjtAXAugld22IAQAABEObeRP/3K3eV0bBvVoxRTVhVhOzwcVgoM7+RivE4im1pePHLkUfpu0ESoWJQWd395749JK586Giks+z2o2qM83u40KOK7Q2DDCwgsrpWGsKyUouMiz1+/g+uAUd4ZmDntMlWqXHnFitTikk12aGFRnKVTvI77p+0p12JPkh10kjzLezXnLu3G7a4Mbw/uVgK0YyQjegedvFc9PEKM5cM0TvTcpL3jDmdMdDJgH0Fw+AwHZ5ggLU3b57Br0xNLvljo2ZkewAM6Zvvidp0GFEBQg4kRq9TROe~4274228~3486000; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:56:38 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793e46_kf175_11820-24662

95.101.10.104

164 B

URL POST
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=2&cfg=32a3f9ce&pv=2&aid=
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
164 B (164 bytes)
Hash
c58e4ed58a01f35b3f7177189c58c7df
7790557e6a12a24209e477caa50d24f9adb10e34
7f88e31cce961c67bf7bb389dd01d6af352aa6e4d26f3f08bafae41f55356021

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34195
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:56:39 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!02abQQ81Rd3H8V554TfMmyz5FQ342fi+SJYd8eigFSa4V540AYDhvY+2Alvl6J7/H2r03ugThjaR8Nc=; path=/; Httponly; Secure
DCID=zETNaAiEUBStrIxT7onCHIw7c%2fUx7sDq1XRmwTFTTQI%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

95.101.10.104

164 B

URL POST
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=3&cfg=32a3f9ce&pv=2&aid=
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
164 B (164 bytes)
Hash
c58e4ed58a01f35b3f7177189c58c7df
7790557e6a12a24209e477caa50d24f9adb10e34
7f88e31cce961c67bf7bb389dd01d6af352aa6e4d26f3f08bafae41f55356021

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0&_cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa&pid=b9e444aa-5016-4288-bd67-1ef240e61f55&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 49245
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_v=1e9ce14b-cd35-4255-a0fa-e963fdc3dffa; _cls_s=0cd26bd3-bab3-47ae-9bb0-0ba9347d432a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:56:40 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!n1SuUvLT/p3nAul54TfMmyz5FQ342XmfMthPFEnFjzICqbkbUGb7s0ln3G8r/XXi9QkSXNP0W0F35nY=; path=/; Httponly; Secure
DCID=2AIVIn6HRR8STQVrP0wURUJUpNWYyn09WH1JYVN2Guw%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

34.213.146.121

200 OK

26 B

URL GET HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
34.213.146.121:443
ASN
#16509 AMAZON-02

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
26 B (26 bytes)
Hash
6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:56:30 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51

34.213.146.121

200 OK

26 B

URL GET HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
34.213.146.121:443
ASN
#16509 AMAZON-02

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
26 B (26 bytes)
Hash
6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:56:30 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

34.213.146.121

200 OK

0 B

URL POST HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
34.213.146.121:443
ASN
#16509 AMAZON-02

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 1535
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:56:36 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:53c5002f-5591-451d-92e5-0dc15a7d9e9d; Path=/; Expires=Fri, 02-Jun-2023 00:57:06 GMT; Max-Age=30
ADRUM_BTa=R:55|g:53c5002f-5591-451d-92e5-0dc15a7d9e9d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 00:57:06 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 00:57:06 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 00:57:06 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:12; Path=/; Expires=Fri, 02-Jun-2023 00:57:06 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 12
server: envoy
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js

95.101.10.136

200 OK

610 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP
95.101.10.136:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type

Size
610 kB (609503 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=y5nD8xoG1hfcslAUyDwl3ljtpP%2fl8hOyrxe8nK+HiGI%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

34.213.146.121

200 OK

0 B

URL POST HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
34.213.146.121:443
ASN
#16509 AMAZON-02

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 10879
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:56:30 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:9d1f5adf-d314-4302-bcf8-b14679bc074d; Path=/; Expires=Fri, 02-Jun-2023 00:57:00 GMT; Max-Age=30
ADRUM_BTa=R:55|g:9d1f5adf-d314-4302-bcf8-b14679bc074d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 00:57:00 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 00:57:00 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 00:57:00 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:18; Path=/; Expires=Fri, 02-Jun-2023 00:57:00 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js

95.101.10.194

200 OK

681 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type

Size
681 kB (680981 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=iqSb9A9m8PCg%2f2Kw5suRRwiLb0RY9ErLcdV9lukQF5r8DPCTd8OSPoh8qh0E09Gx; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js

95.101.10.194

200 OK

941 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP
95.101.10.194:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type

Size
941 kB (941155 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--g449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:56:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=RF36oMSPyrmdq9q8WLE6lBT1ptgN83bQF5crdeTk7JuJXynoQxnrmMcMO4Lm5%2fxC; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 01:11:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML