Report - www--wellsfargo--com--6f49329d48d6c.wsipv6.com/

Report Overview

Submitted URL
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
IP
163.171.131.129
ASN
#54994 QUANTILNETWORKS
Submitted
2022-12-08 01:30:41
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
18
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	541 B	694 B	142.250.74.67
www--wellsfargo--com--6f49329d48d6c.wsipv6.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	67 kB	692 kB	163.171.131.129
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.186.209.73
api.rlcdn.com	791	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	465 B	192 B	34.120.133.55
static.wellsfargo.com	12306	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.7 kB	404 kB	23.36.79.26
www17.wellsfargomedia.com	76964	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	381 kB	104.110.27.78
connect.secure.wellsfargo.com	11812	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.9 kB	1.1 MB	23.36.79.24
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	172.64.155.188
wellsfargobankna.demdex.net	10546	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	562 B	1.2 kB	34.251.90.149
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	8.0 kB	93.184.220.29
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	740 B	1.1 kB	142.250.74.130
pdx-col.eum-appdynamics.com	4816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	1.8 kB	44.239.15.23
ocsp.dcocsp.cn	33518	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	1.1 kB	47.246.44.230
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	8.4 kB	142.250.74.131
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	873 B	1.4 kB	142.250.74.162
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.3 kB	34.251.90.149
rubicon.wellsfargo.com	11786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	625 B	1.1 kB	23.36.79.18
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	666 B	142.250.74.110
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	741 B	108.177.14.157
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	591 B	349 B	157.240.200.35
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-07	medium	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	32 kB	2023-03-07	2023-11-04
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-11-04 00:29:39 Times Seen29 Hash 162100f507af8b50f1406bf3fc405ce5 cf0a2bf9b914710962e0dd7899b93ba5ceb5134d e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	306 B	2023-03-07	2023-04-05
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:01:42 Times Seen260 Hash bf7d1aee3b865a6842835bce8c0a0685 c5213d92fbf617eec79bcade5d93355daf5f199f a14e4c94d8fddca88038c337df0f10bc9bc25460c913bdb20c064ac48ca545a8 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	114 B	2023-03-08	2023-04-13
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:59:53 Last Seen2023-04-13 08:50:12 Times Seen270 Hash 365ddb72c37cebb912aa0592fee6d67b 4db151969054fda826b478c23c47ca594d1aefdf 3ee0b2776fac2745ea071d2476528f6190f67abe0491ce74aedbb02f2bd7e0b6 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	538 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2023-03-13 19:24:38 Times Seen1 Hash 2527531002b85960239d82afa22c7acb 602fb4f7cec1213a27fca1773c78af27678475e4 58020c2639ef4df91190872d5dda8cb517fbdde491cb2fde718916b58f3b57d1 Loading...

	static.wellsfargo.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-03-28
Pretty URL static.wellsfargo.com/tracking/ga/ec.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:50 Times Seen4661 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	69 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 9986798eca6d98ebe9f995a8a2aea4bc 738b2359f0d91a56b43a92fb45766f99dde3d862 79dcaedd0a082648402e8b1a3e9b4622fc26ae1a7fefc67a15070bd6fff26e6c Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-04-19
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-19 19:43:46 Times Seen4753 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	static.wellsfargo.com/tracking/hp/utag.js	205 kB	2023-03-08	2023-03-13
Pretty URL static.wellsfargo.com/tracking/hp/utag.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-03-13 03:25:42 Times Seen1 Hash c49f02d7e266f43a86d049fb03ec2e84 81f75202544d483a0ec714ddf4d90470c09f4a72 a1c2d9ec5a1e85656556a423d105950bf1ba6c71324ba02fa3b3358f1cb4bd65 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	252 B	2023-03-07	2024-04-24
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 01:46:25 Times Seen2499 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js	1.2 kB	2023-03-08	2023-03-13
Pretty URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:55:54 Last Seen2023-03-13 18:26:06 Times Seen1 Hash 439057c862d1967b1aeeacd491fb6d6a 5a7e1d2191e546aea4ff59a752a834afc89890c0 ae212a56fa9bf5613e72d1d44ca54d5ac9854447f3a537f5b148064e8ab7083e Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	199 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:48 Times Seen2469 Hash e086f28166bf73bc94e3cd49222ba6b3 e672fcd875785616f34372b6dd2a8245edbd0ca6 268683f78bf540a4628d352b35364a4405e8f1693eaee6a34e081045b1f95e54 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEB3Zkh1NWpzRm5tKzB4a28rcjNtL1NKZmZDRHZNRGtqb2ZYME1Ia1pvano5OE43T2lpcitZYzNsNEdRc2FQM0swa2YzVHFZV0dEZlBqRkNpY1p0NmRHZUtZdTBHUVQ4RUF5cDFZcUhPUGlnMmxLYWpjZ0FkNjNhN3NKSnJUSlpPaDdLendxcTA5N01jcnIvUGxKMThNWGw1YUJXQURTdGtqZjhkcXFzT0tNUkRyeFA0R3BybmtKejh6R2dpd0xFUi8rVkRmayt1NUV6N1I0T1Qwd1ZPMGNrSy9QWThncFdyeExyemE1dll4aFFjcW5JaGhaU285ZHFOY1dEZlJvbWpnNk55bXArbkVmdVQyS2JId2g2eENPNXJBNHpnMjc0OGJCWEU2TjQwPXwzZjY4MDQ0ZDc3NWM1YTQ1NmM2MzMxOTVjNTFkMTI5OWNjOTEyM2QzZjdkNzM5ZmY0ZGY5YmZhNzI4N2U1MGRkZGQ3OWIxZGJmYzEwNDIyNGQxOGY1MzNhNWU1MTk5OWFjODk0N2FkYmM4MDE4NGE3ODVjYzZhNDhhYWUxMDY4NTUwYmQ2NjJkODFlZTVlMGEzOGRiNzY5MGNmMDlmZTRhMzFiZGYwNDgzNmRhYjQzNGY4NjczNTYwYTk2MTZlZTgzYTJmMWZiOWQ2MGFkYTc4OTM2ZTBiOTY3MDVmOWIyOTlmMmNmZDcwODUwYWE3M2Y5OTAxZTRlN2EwNzI2YThkNTlkOGZhODJjM2I2ZDIzMTBlMGM4NDNmMTJhMGZmMDI0MWM0OTUwYWFiMzIxZTJjMWVmZGVkNDIzN2EwOTlmYmQ1ZDcyMTJkMzg0ZmI3Yzc2OTIzZTU2YzUxOTk4MDg5Y2E3YmY5MDFiNzAyYmVkMzM0MmJmNGRjMjVmZjU5N2NiZGI1MTQ1MWFlYWQ5OTJiNDhkYmZiN2E4MmEyOTY0N2JmMmJiZTBlMDRiODI4NzJlMmY1NDhjMjllMTUzY2ZkZjM5YWMzZTUyYjMyMTIxZThmN2ZjN2ZjMDlkNmM1MjA2MGMzYTE0YTFiMTM5YzM3Mjc0OGZjODY5ZTAxZmQyMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com&t=jsonp&c=ihizgeur_qxuboma&eu=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F	90 B	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEB3Zkh1NWpzRm5tKzB4a28rcjNtL1NKZmZDRHZNRGtqb2ZYME1Ia1pvano5OE43T2lpcitZYzNsNEdRc2FQM0swa2YzVHFZV0dEZlBqRkNpY1p0NmRHZUtZdTBHUVQ4RUF5cDFZcUhPUGlnMmxLYWpjZ0FkNjNhN3NKSnJUSlpPaDdLendxcTA5N01jcnIvUGxKMThNWGw1YUJXQURTdGtqZjhkcXFzT0tNUkRyeFA0R3BybmtKejh6R2dpd0xFUi8rVkRmayt1NUV6N1I0T1Qwd1ZPMGNrSy9QWThncFdyeExyemE1dll4aFFjcW5JaGhaU285ZHFOY1dEZlJvbWpnNk55bXArbkVmdVQyS2JId2g2eENPNXJBNHpnMjc0OGJCWEU2TjQwPXwzZjY4MDQ0ZDc3NWM1YTQ1NmM2MzMxOTVjNTFkMTI5OWNjOTEyM2QzZjdkNzM5ZmY0ZGY5YmZhNzI4N2U1MGRkZGQ3OWIxZGJmYzEwNDIyNGQxOGY1MzNhNWU1MTk5OWFjODk0N2FkYmM4MDE4NGE3ODVjYzZhNDhhYWUxMDY4NTUwYmQ2NjJkODFlZTVlMGEzOGRiNzY5MGNmMDlmZTRhMzFiZGYwNDgzNmRhYjQzNGY4NjczNTYwYTk2MTZlZTgzYTJmMWZiOWQ2MGFkYTc4OTM2ZTBiOTY3MDVmOWIyOTlmMmNmZDcwODUwYWE3M2Y5OTAxZTRlN2EwNzI2YThkNTlkOGZhODJjM2I2ZDIzMTBlMGM4NDNmMTJhMGZmMDI0MWM0OTUwYWFiMzIxZTJjMWVmZGVkNDIzN2EwOTlmYmQ1ZDcyMTJkMzg0ZmI3Yzc2OTIzZTU2YzUxOTk4MDg5Y2E3YmY5MDFiNzAyYmVkMzM0MmJmNGRjMjVmZjU5N2NiZGI1MTQ1MWFlYWQ5OTJiNDhkYmZiN2E4MmEyOTY0N2JmMmJiZTBlMDRiODI4NzJlMmY1NDhjMjllMTUzY2ZkZjM5YWMzZTUyYjMyMTIxZThmN2ZjN2ZjMDlkNmM1MjA2MGMzYTE0YTFiMTM5YzM3Mjc0OGZjODY5ZTAxZmQyMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com&t=jsonp&c=ihizgeur_qxuboma&eu=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 99e3ad1eba5f8ad66fbbc785d5ae011b 48843c9b2a82cedb0592addd87390fb367e6d001 e3f728d10ec2920abd1eab50a9e1ace303b0c9da332fbc4557fef7ca41c3a728 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB	196 kB	2023-03-08	2023-03-12
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:47:01 Last Seen2023-03-12 21:10:57 Times Seen1 Hash b61f7de6cec194f0a00bdf64b7c3aa14 62b17d0d97ff2c18580f8adc67a8b95a339239eb 0c7b79ba74a86379afcd374b523379e8fa2239d920b9fa130ab4996de7590dc1 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	388 B	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 55606955f0b41b7d766e1da4d529b1e5 b49e3590dbde4355fe3dc74851375b995169d38f a5059fff8c584870e7386c786f8e1d51b9543a768cb325b23734cf94cd994641 Loading...

	static.wellsfargo.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga_conversion_async.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4900 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.47435318577464447	78 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.47435318577464447 IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 350d299c759affad74029748ddbb6193 84f6f6f1918d2fbccf3a4ec2dcdfa5afc6001217 7449f0937d5414eb0984f75884b85282077bebb48aebe45d7c8cf1eedab86c54 Loading...

	connect.secure.wellsfargo.com/jenny/nd	52 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:55:30 Last Seen2023-03-08 21:19:16 Times Seen1 Hash 93f1bd0f4c1d1f9b1aa3379a720721b5 4aa3da3f7c46709339f7a312ced78786a4b784ea 5ad99a28f66b7f8ad69d3ca5c335d69ef112fdad5b4a5b375cc324418ed6b0f4 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	56 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:44 Last Seen2023-03-13 04:06:15 Times Seen1 Hash 69d78e2cf9a8928376449948d17e716e 32495fc43cfe023a0441b5ac991168db0de39a98 f9dd179ea0ec98ffe4c687564c30584fe4ef8fcdf03347d8f3657eee6958c61b Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 06:22:07 Times Seen37112185 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 0ca6df04b3547b8f7c6360e9f5e9fbdd a3d5234ec2acde370f98db06ca0228b4e2ab7f78 a377e30e31bf2742b9983a985547ad442fffc6069d1a40dc4ac5e727ce5b86c3 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	static.wellsfargo.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL static.wellsfargo.com/tracking/gb/detector-dom.min.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	269 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 8a39050e96e50178e10ab91b4e9da3ba 8033bc322fd9d35a221660e43676bf0de31a18ff 51c68c5daa16811ca169f22ee0769af8291c2765c177c3370f7788570fdc4cb4 Loading...

	connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.6688844930898981	88 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.6688844930898981 IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:13 Last Seen2023-03-08 21:19:13 Times Seen1 Hash 12a9766ed61e368e4a5d514bdc3b3dc7 069f25c8c49c996644cb6171a90f5e22865883ef c0a2d71e9e58c2d66f6b638a42c7ce892f308f8e8f54f090f6fef9d4f21a8cf4 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	126 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:49 Times Seen2471 Hash f1b0375ca8995f583d4f31df97c9e172 d901e5604947f5b57d3bda7a78e92cdcef0439ec a6117a82be9fcdf7e808ce5f2a8b37a4b0dc1dd7052feb6088fc72f32503343d Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/	691 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:49 Times Seen2441 Hash 48aed8d68c7d2fffc25f5635f592d555 910339ea378c481f21efced8b39c292816bc2fbd 54900b733cd406a3d2232358c17db394d9c2b5118167fbdf4f769a105635a6e2 Loading...

	www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AMCNWu-EAQAAtb18JPLevGML_CvtfjmQSNryDXJQwXUSRGR5glowJ7hDS6-b&X-G2Q3kxs3--z=q	266 kB	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AMCNWu-EAQAAtb18JPLevGML_CvtfjmQSNryDXJQwXUSRGR5glowJ7hDS6-b&X-G2Q3kxs3--z=q IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 21:19:12 Last Seen2023-03-08 21:19:16 Times Seen1 Hash 71dc600b3a72093bc491f7c07c4228cb 16a436670bb7c84fdee231bd37ad688ed9788919 11f068a37c3e17c027512c1464dd7b938d9a07510da0747d05d5a14c1b4f18ec Loading...

	static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-08	2023-09-21
Pretty URL static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:36:56 Last Seen2023-09-21 03:50:16 Times Seen11701 Hash 91c536ff4d2c8db1822702f866e60b08 3370d3721e28923f099da1985f718a88015975aa d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	static.wellsfargo.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4882 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

HTTP Transactions (139)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12136
Expires: Thu, 08 Dec 2022 04:52:45 GMT
Date: Thu, 08 Dec 2022 01:30:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3704
Expires: Thu, 08 Dec 2022 02:32:13 GMT
Date: Thu, 08 Dec 2022 01:30:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 01:08:06 GMT
content-type: application/json
age: 1343
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7962
Expires: Thu, 08 Dec 2022 03:43:11 GMT
Date: Thu, 08 Dec 2022 01:30:29 GMT
Connection: keep-alive

ocsp.dcocsp.cn/

47.246.44.230

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
47.246.44.230:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
27c4362835c05b244608a470943792c1
fe63f386d5c88511610b38d415bb5c4cbed8e8e8
9361c4d19dad365304cf30b60cf88234693447bdbe8d6edcc2ee2e08119362c6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 08 Dec 2022 01:14:40 GMT
Last-Modified: Wed, 07 Dec 2022 14:24:42 GMT
ETag: "6390a22a-1d7"
Expires: Fri, 09 Dec 2022 14:24:42 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670462080
Via: cache21.l2de2[0,0,200-0,H], cache25.l2de2[1,0], cache1.se1[0,0,200-0,H], cache1.se1[1,0]
Age: 949
X-Cache: HIT TCP_MEM_HIT dirn:4:235880954
X-Swift-SaveTime: Thu, 08 Dec 2022 01:25:28 GMT
X-Swift-CacheTime: 2952
Timing-Allow-Origin: *
EagleId: 2ff62c9516704630293831880e

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: DiCBDUAL0h+3rlrnFnUHfPv/rouibxmM7nIZPD3ntmd+mZnH2On6hm88+JHg6SqjKTgaXpk67F609SPOMkpnWw==
x-amz-request-id: 728PXC2F19JG36AS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 00:47:43 GMT
age: 2566
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 01:30:29 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 01:07:55 GMT
age: 1354
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/

163.171.131.129

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Size
18 kB (17761 bytes)
Hash
9394c3bacf4b7e1160b28b5e22ec0ce5
32df647d49e9852f345aaf6ad551c0362eb38829
16e712d0056d9873befac61f5ed5eff2bf16aa858546d336b3bae444da61e45a

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET / HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17761
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-c24d2661-addb-4257-89ca-7c9036990e4d' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 21494 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b; Expires=Thu, 08-Dec-2022 01:30:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 01:30:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 01:30:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Thu, 08-Dec-2022 01:30:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:66; Expires=Thu, 08-Dec-2022 01:30:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=112022120717302992137691; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 01:30:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; path=/; Httponly; Secure
WesdAksn=Ax0BW--EAQAAA2FtrTBvVF-3tYJM7jgxTSAq8LoYpy6KhTmyFlc8p1vuXKIuAaOrg2CcuDv8wH8AAEB3AAAAAA|1|0|f2f1bfac1490310cd618c7bb9e82b42f0ed88751; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=msZW5EYw8HIREaHzqf3AwzrIyGc%2fR0jLWTpZaa%2fQD1c9G53YFdMRPUA5SDbN7htS; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:29 GMT;Httponly; Secure
_abck=96A825AD3966AE014C86226616397860~-1~YAAQHWgRYLgYKoqEAQAAHQNb7wncKeAid0l/1xKwIb4VmHy5n2+dgsk9F2SO7KlJ0n2IS3Ggo70CIrMWARz6pcRKGNot0i+TrXmUqtURAGyqKGt2Yi6doIWLEezpr3LojUuxACTZHGHRqqupKHMRDkJuWhSlDKxBXgikFY4IosPten0VY7gCZlnf5MsDvH3kEe8Tr6yxH/r5uJLhReSpDd0s5Us0El/hBx/lPHJA76+tLqm6j9tDqZBN4FnKfIQ92Eb9b0aqnJP+p9+92jHVcHZH5PbHR5TQ9blvyHOwIP4v9UBnG4JuhUrT8rV+KOsoOHmFW6OUmtyZFv/FVucOjrnfSa+dNw70fixm3hz9+o1tgLGFVos2dZ8Gsc/tcHGtiQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:30 GMT; Max-Age=31536000; Secure
bm_sz=6D112A012FE0EB34C352DC2B41057C55~YAAQHWgRYLkYKoqEAQAAHQNb7xKNgLcnbyCP7Iu7sO0ib6bodf3q+iDYvnZwGgY+TU35NcPkWEuLGGrSQC316zrJ9aefOCvQQiwVM1CNqfPS0ZmgnAZz3I0XWiD2OgnMw9O6PJurgX7eK6057Xefs/JdoyKHophvdsaWRdQ9psK2KPGTHQ6pZBFgQWrUEs3MxFrfovyeHlajWcTiUCZRWbho01c3KZiB37e1mh0nQ0pErlKuDSJfNylIHEPq6avIw516PuJTsxmAijzs8bA9o6P3ksLjPoSAQIbn5btPri5H7J3QiCUa~4338997~4602177; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:29 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e35_bl21_27590-9862

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1094
Cache-Control: max-age=114874
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:30 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 09:25:04 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d33e77bc735a42c4569b77df1d3e53d9
5be5bef9347306b7ad0f696b817fd454a935a2b9
96aa8cb49643f5c99308d3075e7f535826c848ece72891daa0ca5a5c2b9e40c1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4313
Cache-Control: max-age=112739
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:30 GMT
Etag: "639042c0-1d7"
Expires: Fri, 09 Dec 2022 08:49:29 GMT
Last-Modified: Wed, 07 Dec 2022 07:37:36 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d33e77bc735a42c4569b77df1d3e53d9
5be5bef9347306b7ad0f696b817fd454a935a2b9
96aa8cb49643f5c99308d3075e7f535826c848ece72891daa0ca5a5c2b9e40c1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4072
Cache-Control: max-age=112498
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:30 GMT
Etag: "639042c0-1d7"
Expires: Fri, 09 Dec 2022 08:45:28 GMT
Last-Modified: Wed, 07 Dec 2022 07:37:36 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

23.36.79.26

200 OK

901 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Thu, 08 Dec 2022 01:30:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wyCcxpOpG7OlEA%2fPfhdvXA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

23.36.79.26

200 OK

11 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (31790)
Size
11 kB (11076 bytes)
Hash
6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Thu, 08 Dec 2022 01:30:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=LPCupfv8BKT%2f6hIxQ1CoEA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1344 bytes)
Hash
20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=1091556
expires: Tue, 20 Dec 2022 16:43:06 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1710 bytes)
Hash
c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac

HTTP Headers

GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1319044
expires: Fri, 23 Dec 2022 07:54:34 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.131.129

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (31354), with NEL line terminators
Size
18 kB (17883 bytes)
Hash
59e9efb0258fa77e22ba60cebadda375
14d20bc503649a3b3275eb229e8a965069d74253
7e28a89f68d98388e4f1b5d76b6770fbc175df1c3545d54ba6c67b1abda5b97b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17883
Connection: keep-alive
Expires: Thu, 08 Dec 2022 00:38:06 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: W/"63503394-d905"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 bl22:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27669-47804

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css

163.171.131.129

200 OK

24 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23639 bytes)
Hash
ab14fc94e9e3eda1147b33096ce78036
d2dc912ef40215c52466a63f55b3fcb274b1a3b9
fbdda4705c51998c24e57f486500422fdf801052b612b7d43272a0895e245207

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: text/css
Content-Length: 23639
Connection: keep-alive
Expires: Thu, 08 Dec 2022 02:00:30 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: "63503394-29ee7"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 bl21:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27527-6435

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.0 kB (1004 bytes)
Hash
2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1401945
expires: Sat, 24 Dec 2022 06:56:15 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png

104.110.27.78

200 OK

562 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
562 B (562 bytes)
Hash
dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1504415
expires: Sun, 25 Dec 2022 11:24:05 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js

163.171.131.129

200 OK

57 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size
57 kB (57297 bytes)
Hash
bf3200896bd105e86dc947dfa3c7fbf3
f39afea6027114a0d0378fd02736b71ff2f86df8
39472107f9bee2c7bd46249baa5b90c51bef93f866685c418f2a9b7175d5ed64

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57297
Connection: keep-alive
Expires: Thu, 08 Dec 2022 02:00:30 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: W/"63503394-2b951"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 bl21:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27669-47805

www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png

104.110.27.78

200 OK

2.5 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2496 bytes)
Hash
e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec

HTTP Headers

GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1557102
expires: Mon, 26 Dec 2022 02:02:12 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg

104.110.27.78

200 OK

52 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
52 kB (51474 bytes)
Hash
67a063a06589a4e40465cffe34adf460
83bd779eab37f708db097c28d9eb4295c3ebdc13
e037cf255bed27ebd83c682b368532fc925848a9ff0e42d97132ac995e43bbdf

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a7e46d-172e2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 51474
content-type: image/webp
cache-control: private, no-transform, max-age=1401828
expires: Sat, 24 Dec 2022 06:54:18 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB

163.171.131.129

200 OK

76 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76003 bytes)
Hash
5cf20c2d914939f0d2e7e12fa91f777d
29e375db191026973ca979d46bcaff2b165cef2f
f58e093bc623c37323179d5e6a862898b300479a5a6f56b826ab7b19c123333f

HTTP Headers

GET /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/javascript
Content-Length: 76003
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 15:58:55 GMT
ETag: "93eab3a0bb65580813c7bd658963fe649b396249081ec8ae963c7388b973964b"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pVXf9Fgz1f8xbKO9H2pniQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=E7AB80E2EE2DF00E7C8D8B8DF4A905A8~-1~YAAQHWgRYMIYKoqEAQAA7wNb7wm2pA5MpSaZvZfd4OeMQdRM6vllGm+B8adoWsZhdWfUDEgnQP7pRVVn2ODHC98LVZZaIoJY/V9cRaz9XQBnDHivyk6cnrmb7GWDPenPMT96CIiWFj/ovAFuQz/Lyzg7qp4eA7q8OxxpLQwrWKUx7TwGCNwDKsED5BVFvN8CpzUooupO3H2cipfi30XFEsF+Yh1rHG7plU3Pd9Y4OAeJYysl+k+yzxk9h+awzJLu1rViv3e1qzAsMV8qTx+Z0jzFDk0zJaOmVdUegPzq5R933wLkimLpsCf+YUTzlpnz7oIHDpCtfPcvEByhTKPSCGvk1CYC1wqtvZqO3GvAOcExH8o1Kd2evEhVhJ+RlUlNew==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:30 GMT; Max-Age=31536000; Secure
bm_sz=464008541F5E2850710B17E65459B55E~YAAQHWgRYMMYKoqEAQAA7wNb7xLU+KT/pJ1DgWyXoN4uNFgdDYzZcdaELxjBxFn7OVRnVMEKEwFZAMb9wtZ8yeKkle1v0IvAIecfBoK56FebjwsO2fK0qmQ8lpH7mUlePU3zz9pSuvERLMHZZahiKHmOhQjLKzX4GCFYkRZPwRrPFuBfF0Kcwfgnug2ZuibHrhChrTZDC+BFIbzlj4D9mfG+ZmZoGhfcDe2ywt9gZJDzfQ0A/KSeZMdlQM+FUi+g6Ld4PWV9ETYIKSeiPVJMv8qreAVvfI/KIjzIx1Cn5aPM201zLcv2~4272953~4470578; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:30 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_26288-12062

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.131.129

200 OK

4.3 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4287 bytes)
Hash
050f773c302af63da1a459cc2e17bea7
69980cda7ee7ae21a2e917ce7f67ea1d884f8a36
7e6a566ca4f08f610ff479f87c0393dd6317ec0ca821a9cc155633ef13cb1021

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4287
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 01:30:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A-UDW--EAQAAFc6gugRjn-g-RpC07G0Ph0HDszawKfDJSm0hWQfD7u2-DLVdAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|bd5406c7ec79b45ad4b6d9b0768664816c9bffd5; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=Swrk0+9BJ9Y0lET+zVRMFTAmPsPD6qa2V5I0VHQrpflE+Wq53Ou8rSaXI6R13Pfk; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27590-9892

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=7699758
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1840608
expires: Thu, 29 Dec 2022 08:47:18 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

200 OK

23 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1750467
expires: Wed, 28 Dec 2022 07:44:57 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1817402
expires: Thu, 29 Dec 2022 02:20:32 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=1750187
expires: Wed, 28 Dec 2022 07:40:17 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.186.209.73

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.209.73:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6Gw/HF2/G+vfABwHuTQ8dA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZnJaCdKtXdtMUzg80Ids/d42mPI=

static.wellsfargo.com/tracking/hp/utag.js

23.36.79.26

200 OK

55 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/hp/utag.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (15536), with CRLF line terminators
Size
55 kB (54746 bytes)
Hash
a2ab4b46ad30f60866211f2fe5de68a3
125c39f1a776161eb319a742ae7ce621f4c38933
11f666b297e903717f7f8fb577dca1beb1db6bff324a2a99b4dc0c639f883452

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:35 GMT
Vary: Accept-Encoding
ETag: W/"632cc04b-32229"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54746
Date: Thu, 08 Dec 2022 01:30:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=X3RD%2fhMhaWLwHcsGeOQ6IQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

HTTP Headers

POST /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1977
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MwVVowDel6UDyyCul33CBg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=MwVVowDel6UDyyCul33CBg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=72D7FD230E7968868184BF652A0D4A60~-1~YAAQHWgRYMUYKoqEAQAAJwVb7wlqE4s3Wg2TvOcM262N9hsJFrxvrg+plO1jHvVjuxiHPdbYQn4zyws7ukrLsJYd7y09eAejQHHJub1+FIG3PAPqimtx+57960jOyY1QHUzsEMeabaRneLmCcVK/E1z0s5Q0radrD7QJBfXqKayb3U3Km2HCp2nsms9muSmqRxc1AQKRrkQO0U9X+8wyJqUo1AjbSfDvE3IpHAxMCSGazssXVF75QgvzSBOceJpsx/rPp4OnYW/bimTwahjb/ZiDSJk1rqVybZE5tV5ZODOxm8IqM9WKi2D9xARVLl+4Lca0k0gkteVKC/6yYFM6QOwV6J7tTThh9Wq4SAgEOMUcfg45dfbjWPT5WpDdZhCpWg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:30 GMT; Max-Age=31536000; Secure
bm_sz=FDDCB1A1950B1595C8C29418ACA4BB3B~YAAQHWgRYMYYKoqEAQAAJwVb7xLFv/ML/Kk4MpdmuULXvfQVYMjWCmJnMu3JEjtPQduFK375o58W9lHmEscl6x7MHEVuFe/iUxxRbnwTF1/MN8EM8EDcNlpjxhKuS+UV/l/2PV1Aw69yAAevdFdIgO2E+8foReYSy2L+ftA62FV8ifnO1QJOFiiDr4THIbyMAgWDHyu6ohgJCtS5GRYy6LmWuprSAUF807Sgp6wS2biA3ZNObPpUpl0JFjBG2gD0orBOUaoyCeUiUTTXLw2le5KOqAWIyR6FImGm/b7TF8wgMbv9cEW0~4272953~4470578; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:30 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27669-47825

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/target/offers/conversations

163.171.131.129

200 OK

2.0 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/target/offers/conversations
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (9863), with no line terminators
Size
2.0 kB (2005 bytes)
Hash
2f93fb30786c613b786647dd726b233a
b91b6894e792acc1e5ccae6fc15a6e01049f73dd
47be8588b40adb2f48050e1ab16c0196e6760664d3f2dd4afce123647810fd05

HTTP Headers

POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2005
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-c678acdf-3928-4670-a3f9-c5c48619cdc2' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:66; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd; Expires=Thu, 08-Dec-2022 01:31:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 01:31:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 01:31:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Thu, 08-Dec-2022 01:31:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:193; Expires=Thu, 08-Dec-2022 01:31:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202212071730301398004802; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 01:30:30 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=38728CE7E3B64170483108C7664C0DBD; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=rAjdttIb%2fvY8xOo7zNhHnQSvJJHlsQbZ67OCobcWtwycOFM03iGAGABDFKonq4v0; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:30 GMT;Httponly; Secure
_abck=95D1867D44B54E86A656420F0B3F5DEF~-1~YAAQHWgRYMkYKoqEAQAAvwVb7wld8OF4REZ91BojKSMBPXlWBzvs0gLGvHOuynETSH+TKwEfEFds9GVp5/FzbRMYhEFgAFKYTstpuuyd1NkoGyVnDh8NhWYeYXNv5jydIHcKYSecd4zvgO96K/yxdHjKjFvxWG1d12toj2MzchLCWG1FfqyoiwXI9beSljcqYnE3+OtrlWfAPDvslkkq99Dei/uV3PpR/pEsQfI2E099JjGm5LvbFIG1RAHPvRSLvl+4xi7CGjQoXdg+DmTMzk/Z5DI6gJf+iuI/8DaXuv4+AY0h1w57FlSSTXK1PLnrA8FX8awJgjncvGAA6EPY5vrW4EdDkhs0Fq3Y2TsX/4n491TcTZx/ChCBqMj6IfascA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:30 GMT; Max-Age=31536000; Secure
bm_sz=50D3B16C1434AF76B7A4D89E65A0C0C0~YAAQHWgRYMoYKoqEAQAAvwVb7xJRoZbEkapzyyoUfy8iltkIAgAb7HIPgLcGtqn+sMCi+Mg/SMSs/nhaF0mKoNPBZ4V8CTfp5f4yhH3Tq+bYNDHyTYTqy+digndzwPQlWV55qFN/weGGV7l67ETbF/JFNHmrZh9tYQlobuWz4AfLoy26rRW+KAP+gpm3y3UqNHTrs9oz7Ssy0ZK5/pKXQlzFFFZGByMo+1NNrTczs2WjFvwpbKeEBTwxFbcLn+/hppa6SPWs9vtRtcsK5zXfSbPsFITZcKNuaYE+z24mEY87Pfttzr5I~4272953~4470578; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27527-6446

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AMCNWu-EAQAAtb18JPLevGML_CvtfjmQSNryDXJQwXUSRGR5glowJ7hDS6-b&X-G2Q3kxs3--z=q

163.171.131.129

200 OK

149 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AMCNWu-EAQAAtb18JPLevGML_CvtfjmQSNryDXJQwXUSRGR5glowJ7hDS6-b&X-G2Q3kxs3--z=q
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (149304 bytes)
Hash
af371bb986cd654353c765d5e4c93c54
32ce8c9c62cafcab4d3c4bc4eba0c578401e13d3
4040d4113a6354a23fe46e1d7c0ee9a14285ea5612cafe1ee54c47d85964f379

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AMCNWu-EAQAAtb18JPLevGML_CvtfjmQSNryDXJQwXUSRGR5glowJ7hDS6-b&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:30 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 01:30:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A7IEW--EAQAAkhvzq97sq9kNHBxtuYE3vCBMLinMEnEBq0mhJT39ZXdkpZZrAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|20c03c483c46ab9b47798ad476b308db04e8529c; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=t2LPLXr4tHo%2frDXaZ1gbhMYTt7oq3FpyW15PZAuqJ5QUFQWaxcpvfl8g1eM+XzXW; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_26288-12071

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

200 OK

1.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.6 kB (1636 bytes)
Hash
b9d2c719de3d6701349f1134e129defe
703a51a2f72672f6b34a3dcf8d07c351143f9151
95ae72a8f3b1f5794802b2704b74bef2f29fe1b8da1f06c97a8e7ab2acb5e435

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1636
content-type: image/webp
cache-control: private, no-transform, max-age=1399456
expires: Sat, 24 Dec 2022 06:14:46 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

200 OK

9.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=44598
expires: Thu, 08 Dec 2022 13:53:48 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

HTTP Headers

POST /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2839
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Thu, 08 Dec 2022 01:30:31 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=rrPKnHS+7TMRFh8NIzZLOg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=rrPKnHS+7TMRFh8NIzZLOg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=B669E4C2460F8CDB743DB5CCC3C7F7EF~-1~YAAQHWgRYNEYKoqEAQAAbwdb7wngshTmXSHr6vcs/zYVgbxzAtnvHfdD69V/q1cCbctYjfzTqF2ftirVOLcaUWFosWsf/hFB4iHpu6DZv/Nmlq+/Q5wcnMIBgnWydYVYSt8L56TdWldxa0mo3Ub6Zf+vPiAw2z1h+0D0PLzscNqWErIucSm7sWdEdxJwqYy9W3bNMFl6ksl9n8nlqjrnmSM2hhcDxr55ogGDBiPkwbYm2cA+CrYjo18MFyOpXve2HOciaY9XkH6yqh1Vertz9AfQPuhhtZ8RhPAgerjeWZU2BNmFrgj4V6rUpXZTtOXIWDnSBXCVyco4YuuuSgU4MBIsmmS6uoTubtD6ANZ2RFdtTgFlsRtsBDzTbHsQKIvVyQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:31 GMT; Max-Age=31536000; Secure
bm_sz=611143A6E1118DE632A36C2C666E435C~YAAQHWgRYNIYKoqEAQAAbwdb7xJmYUlzmj4bm6bHVCAYig4XR+Thenft/kLlGabTT80GguE/I/reU2zI9pGYHHtsReFl6MgC197cdAImJUTi7lwCiXX1+5dU2PkkXDyjozyvkRh6MJfwFNPsGnGmKsKDP6Grj8ePQSEqLc0PrLCoJbOrwnh62avrdKK/1oQR8hoVTBpF5bkcLWz1ImTvv+r2EzaxEpcxPHs54EeKEym/aom8FQcr+s+e08KYniA1oMNv6T2mmeKY3h4Bp8vPI0lBWF9WdZjGaipnwwc1mg9qWo2BxWUS~3683654~3359537; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:31 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e37_bl21_26288-12112

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6376
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Thu, 08 Dec 2022 01:30:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6376
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Thu, 08 Dec 2022 01:30:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6376
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Thu, 08 Dec 2022 01:30:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6376
Expires: Thu, 08 Dec 2022 03:16:47 GMT
Date: Thu, 08 Dec 2022 01:30:31 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5245 bytes)
Hash
43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:24:13 GMT
age: 11178
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 06:11:41 GMT
age: 69530
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb40390-82ef-453b-afca-e37aa7674ed3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9058 bytes)
Hash
f0c8a8dbe6c3ae6eaa2e464296708f5c
98556b27bc3759d0ceb8200ff5bc7b9567e428a5
bfc64a0e18c0137360f746eca256f464e26d23a04521ea629c46ae50ea6af173

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb40390-82ef-453b-afca-e37aa7674ed3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9058
x-amzn-requestid: 1f7fdd3d-1e65-46f7-8ef2-d164bf81e72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz4FtuIAMFjsg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-4866b3fd61fdb35d34317038;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: rKTosJz8cRhO0Bh2MpbFNF5gHtR5wecakD1UZvR2wZUaFRUQC6IW5Q==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 07:18:54 GMT
age: 65497
etag: "98556b27bc3759d0ceb8200ff5bc7b9567e428a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f5f2e2-f4e8-4ddc-9a23-4327bb79769a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4565 bytes)
Hash
00cdac5a7f801c10e53b8651ceb94c46
d83d7a30038bbf534c531c3786c3458c66d6504a
4d767e2c8aee11a230ecbb4c5c2339a65ca380e87b713f2ad6c1efc02df07238

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9f5f2e2-f4e8-4ddc-9a23-4327bb79769a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4565
x-amzn-requestid: 153e9d72-d9e1-498e-b74b-f4fad27f4efd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_pHs4oAMFYYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-44aa3006114060145bd0b16d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R18FvbBqHk-TVWaS2scvsqim40JdzbHScbg9ougAYX9zwLx91NoS0A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:01:22 GMT
age: 12549
etag: "d83d7a30038bbf534c531c3786c3458c66d6504a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8659 bytes)
Hash
b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:35:32 GMT
age: 6899
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2dbe127a-1d23-4c1b-b13e-cd024e5fd5de.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8626 bytes)
Hash
d2d14fc1b5d2e6d6f4751a2fe741b990
86cd1428b2fd21ccb9d80c7f6be4d1e6221e97ef
bfe88cb97ccec5af627853d0bbc02f4799c4b8a25a995c8578365cb5a2914d6a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2dbe127a-1d23-4c1b-b13e-cd024e5fd5de.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8626
x-amzn-requestid: c5f3e36b-87f1-4938-819c-7b1a6ec6bfeb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy4BXHJ0oAMFaKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106d5-15635f9a10d25d8c1d702bbd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zQXtGXxwwTmn7gMQQj5wM69mPzAmYXRyfTbYfgUovTGsS0y048GZDg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:06:53 GMT
age: 12218
etag: "86cd1428b2fd21ccb9d80c7f6be4d1e6221e97ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

HTTP Headers

POST /ngflDmct_8__GE5CZEW8/r9V9D8VJ7V/M3MLaQE/XhU/UMB0ABkEB HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2775
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Thu, 08 Dec 2022 01:30:31 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=js1q279bRalZQuaiq%2fnjIA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=js1q279bRalZQuaiq%2fnjIA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=5C4EFBD4D2D66D533CDD52145F289BA9~-1~YAAQHWgRYOAYKoqEAQAAiglb7wlAUkkZ3ZD2eyKR4r24bk1/Y6jgJJDVgGnwP1Npowo/ryDTFG+CJkAigH5o8RfbKmOXcLDZZWwTCXTsWuEoPMX5LyuLa4+UzvJ2CN4d/htTnILbkEhAqKBZtO0KhbggG7HHLCPPGAgHpSF9lMXSZdwbjnsh+tyw5OSLBBIeOAGAYoG41f/FHexUvrksGcQPdHTXHq6cGyJ+EKVAAVOhLJYeQWwZ7ZGbMX2AcgoIDxEihDoVchz3OFxmDeqkngBl20a3mNaK6ghJ4yp8hYSkaovT3NUrtBoJB8uObv4YYs04+pe6Z/OlnlWu+jgpWbz/Sje3hZfgl7MmMZREe5ENLy3U4UoS9W8M4ByMOQ21SA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:31 GMT; Max-Age=31536000; Secure
bm_sz=E6735F618ACE7DC0128B6BBBA0E5817C~YAAQHWgRYOEYKoqEAQAAiglb7xLGxz/TKtdS8nP4YxQ3osuQ3dJAWGQvHL6ZCu3mgDPmwMSp0JE/cammrS8s8hn1us5+N74DGrpZ6aijS3a9GgRv7EsscN9Ys6kvBG7k1KYdhJ77mrc1QNA33fWBeMptEQdnTs7MBQM7JyPQAMD6Uj5fL5KiJgBke9tiOUzIE6xLm/6yKnM+O4UbWjBZTbfM8tP6bFzxa4KpAW56IxMSHbtev1r6Qs3Js7MvG53WQeWI8W0fXM6wxhOba7iDmPTnDW1eK8AXoYYkAT5vOAz2J0bzW7Xz~3683654~3359537; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:31 GMT; Max-Age=14400
X-Via: 1.1 bl21:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e37_bl21_26288-12142

www17.wellsfargomedia.com/assets/images/rwd/man_on_phone_working_616x353.jpg

104.110.27.78

200 OK

27 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/man_on_phone_working_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (27308 bytes)
Hash
74b4165e39bd1f78bcfea02714305ed8
0ce77880f95e344c533c511614e1d0c110b48c2a
43c8519af2d895bb25d7f0aad6b5cd1f48576c8950111f34d4270ee79599188f

HTTP Headers

GET /assets/images/rwd/man_on_phone_working_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-b06e"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 27308
content-type: image/webp
cache-control: private, no-transform, max-age=1392960
expires: Sat, 24 Dec 2022 04:26:31 GMT
date: Thu, 08 Dec 2022 01:30:31 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.131.129

200 OK

306 kB

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65356)
Size
306 kB (305866 bytes)
Hash
0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670464726608$ses_id:1670462925538%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; ADRUM_BTa=R:0|g:db7a3bb6-16da-43ba-b5b8-22f6921ada7b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:66; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:31 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 08 Dec 2022 01:30:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=KHAfvQqz3wqYkDB%2f2%2fWBJSAAj%2fQVyMF008%2fE8NXRstY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e36_bl21_27669-47811

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2330 bytes)
Hash
cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1518050
expires: Sun, 25 Dec 2022 15:11:21 GMT
date: Thu, 08 Dec 2022 01:30:31 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2340 bytes)
Hash
2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1368980
expires: Fri, 23 Dec 2022 21:46:51 GMT
date: Thu, 08 Dec 2022 01:30:31 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.110.27.78

200 OK

2.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2092 bytes)
Hash
bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1549460
expires: Sun, 25 Dec 2022 23:54:51 GMT
date: Thu, 08 Dec 2022 01:30:31 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png

104.110.27.78

200 OK

852 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
852 B (852 bytes)
Hash
83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b

HTTP Headers

GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1288522
expires: Thu, 22 Dec 2022 23:25:54 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg

104.110.27.78

200 OK

1.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1118 bytes)
Hash
8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb

HTTP Headers

GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1618017
expires: Mon, 26 Dec 2022 18:57:29 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png

104.110.27.78

200 OK

712 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
712 B (712 bytes)
Hash
856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72

HTTP Headers

GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1440654
expires: Sat, 24 Dec 2022 17:41:26 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2286 bytes)
Hash
54a0dd5862244507f56e176ecde59056
2d8f7d7e00316c6811ce2552e608260481303898
749d47078866f2ebe0c2b692de339996ede393b570c7f73418ac0ed9a6882539

HTTP Headers

GET /assets/images/rwd/h.com_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-23fc"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2286
content-type: image/webp
cache-control: private, no-transform, max-age=1222663
expires: Thu, 22 Dec 2022 05:08:15 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1348 bytes)
Hash
20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05

HTTP Headers

GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1385187
expires: Sat, 24 Dec 2022 02:16:59 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/couple_consulting_616x353.jpg

104.110.27.78

200 OK

16 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/couple_consulting_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (15636 bytes)
Hash
b7db89ceab29fc66b8bf41f01cdcb875
4655ce2c2ad59aa036e7521e8173a8f62d5de1a6
353a26fcba41b08c62531bc66778f21c2e4960b5c5bc579704a1852c14698505

HTTP Headers

GET /assets/images/rwd/couple_consulting_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-8830"
last-modified: Thu, 14 Jul 2022 02:03:42 GMT
server: Akamai Image Manager
x-serial: 1144
x-check-cacheable: YES
content-length: 15636
content-type: image/webp
cache-control: private, no-transform, max-age=1557016
expires: Mon, 26 Dec 2022 02:00:48 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/woman_phone_street_616x353.jpg

104.110.27.78

200 OK

38 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/woman_phone_street_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (38106 bytes)
Hash
30b25c4c8908dc48046948d992ac1654
500fdd111803c9762158dcbb9cf69f686614f9c9
7636534f520bd4e393d4f0f4779d7bb78f10d4bb340a35be5434198a1ad94985

HTTP Headers

GET /assets/images/rwd/woman_phone_street_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-b92e"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 38106
content-type: image/webp
cache-control: private, no-transform, max-age=1557004
expires: Mon, 26 Dec 2022 02:00:36 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/gb/detector-dom.min.js

23.36.79.26

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zdkrFKkN%2feqYCMqlCkFcLw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png

104.110.27.78

200 OK

9.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
9.7 kB (9652 bytes)
Hash
8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135

HTTP Headers

GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=2304130
expires: Tue, 03 Jan 2023 17:32:42 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg

104.110.27.78

200 OK

29 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29240 bytes)
Hash
1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5

HTTP Headers

GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1397336
expires: Sat, 24 Dec 2022 05:39:28 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg

104.110.27.78

200 OK

32 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31450 bytes)
Hash
7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1

HTTP Headers

GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1557121
expires: Mon, 26 Dec 2022 02:02:33 GMT
date: Thu, 08 Dec 2022 01:30:32 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1

23.36.79.26

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TQ0G41v2ArH+pO4mqtzs0A%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js

23.36.79.24

200 OK

569 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
C source, ASCII text
Size
569 B (569 bytes)
Hash
33fbe3a2d69cddef6e4a946096d516c6
5dc02187efd63f59e7747024016774a9ae4046bf
5afe00e1770197f51923e187f09f529db01f0ad8a3f245b2e9b571446e364fe8

HTTP Headers

GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 569
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=WdF0OwgH3rA4PFMY+%2fupLi1%2fQOPqiK3FF9EWKRmKX5RoNz4QWoSl1%2fC80cfLljzq; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
abfe375096bfad484cdbeca1076184cd
41a864ca85b8798975b0bab4891129ff76f4fd55
6e89ad7525e4268ae0dc2f35741b2b3594f91e3242e576bedf6566d03fd09628

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 343
Cache-Control: max-age=103328
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:32 GMT
Etag: "63902d81-1d7"
Expires: Fri, 09 Dec 2022 06:12:40 GMT
Last-Modified: Wed, 07 Dec 2022 06:06:57 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
abfe375096bfad484cdbeca1076184cd
41a864ca85b8798975b0bab4891129ff76f4fd55
6e89ad7525e4268ae0dc2f35741b2b3594f91e3242e576bedf6566d03fd09628

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 343
Cache-Control: max-age=103328
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:32 GMT
Etag: "63902d81-1d7"
Expires: Fri, 09 Dec 2022 06:12:40 GMT
Last-Modified: Wed, 07 Dec 2022 06:06:57 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

23.36.79.24

200 OK

150 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
150 kB (150268 bytes)
Hash
b56ba6b9ae75f31004f7088491c457ab
9b9cddd9a2de2dcaf19759c6af83e8f4e92764a1
579392ee22125d04387c1ed476bf7752b2016f9b769f2403ac2cfe9617a12f96

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"638eacf5-172f"
Last-Modified: Tue, 06 Dec 2022 02:46:13 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 01:30:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A-4LW--EAQAAkABxtVcxwb0arx69rgRsRHuTsINlWLg9c4aSdLr5zrFlUIEvAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|9c5a75edbef17c72ba78c2cb2d5840f51d639523; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=dBjGX+AXMHRkXpt+QxzeLsvxrWvqrxCIR61xtbM1owrDyrpDdUPy7o7xfVvsl6NV; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
abfe375096bfad484cdbeca1076184cd
41a864ca85b8798975b0bab4891129ff76f4fd55
6e89ad7525e4268ae0dc2f35741b2b3594f91e3242e576bedf6566d03fd09628

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 343
Cache-Control: max-age=103328
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:32 GMT
Etag: "63902d81-1d7"
Expires: Fri, 09 Dec 2022 06:12:40 GMT
Last-Modified: Wed, 07 Dec 2022 06:06:57 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
6fdb9b8e1963d5f13d91db22e9294f97
f808d36103005c224eb6f7e4543d30271d2957b0
7ca8f99e7a6c7664a782af94d7b833d3a6374601a8a3a5cd382726d5d7fa3030

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:42:55 GMT
Expires: Wed, 14 Dec 2022 13:42:54 GMT
Etag: "f808d36103005c224eb6f7e4543d30271d2957b0"
Cache-Control: max-age=561741,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7761bc806fb3b506-OSL

wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670463031764

34.251.90.149

200 OK

324 B

URL HTTP/1.1
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670463031764
IP
34.251.90.149:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Size
324 B (324 bytes)
Hash
42e9633e2e68c8c9188ba0da09c068bd
f59fe00505ee31b7c8b1619373f4aebc4c32f6d6
eeefb461a4d9ac7c61c85b2dbdbc23eea1433382f720d935db15f7415a60301b

HTTP Headers

POST /event?d_dil_ver=9.5&_ts=1670463031764 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 388
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f14bb97f.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=34466049908474681300816556444920714739; Max-Age=15552000; Expires=Tue, 06 Jun 2023 01:30:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: UUJI1j4VRXo=
Content-Length: 324
Connection: keep-alive

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=34480036718994535530817953272492748768&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%01112022120717302992137691%011&ts=1670463031759

34.251.90.149

200 OK

319 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=34480036718994535530817953272492748768&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%01112022120717302992137691%011&ts=1670463031759
IP
34.251.90.149:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
319 B (319 bytes)
Hash
19e6fc3523eedf8ebc7a2a142d717fff
32fa845df7b9d849ce1f7c586abe082dfba702c6
45635cb78083023b00f69c504881e6cf2871dc19edc3178a1e6f89f35516f368

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=34480036718994535530817953272492748768&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%01112022120717302992137691%011&ts=1670463031759 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0665c523e.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=43308407186914200100331825301538191536; Max-Age=15552000; Expires=Tue, 06 Jun 2023 01:30:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: JreivLB7QqI=
Content-Length: 319
Connection: keep-alive

api.rlcdn.com/api/identity/idl?pid=1317

34.120.133.55

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
api.rlcdn.com/api/identity/idl?pid=1317
IP
34.120.133.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 08 Dec 2022 01:30:32 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=34480036718994535530817953272492748768&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670463031755

34.251.90.149

200 OK

320 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=34480036718994535530817953272492748768&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670463031755
IP
34.251.90.149:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
320 B (320 bytes)
Hash
5505bc66d05faedd615de82fd7e30d15
aacb78abc93d07db03edd13a5d3f0e96cb13a486
4994843ab563f3f3e61c7e07b6bb872289794a566d92771fda6307f95e20923b

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=34480036718994535530817953272492748768&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670463031755 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-085e2ce89.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=25463357008526225102377765625093928150; Max-Age=15552000; Expires=Tue, 06 Jun 2023 01:30:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: uVrGpnC7Sp8=
Content-Length: 320
Connection: keep-alive

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031722&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031722&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031722&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=TdL6JdoDu0+ZDeYsEJNXRD9%2fasqX6TGrFxPBmhsMZqaWEruA4Bh4o1K9OfdQabm1; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27669-47920

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031775&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031775&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031775&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=2e1NpWXZCx5uy0Yy2upu+CT+QUqbwcIKGjihr9Ru8Dhd7w8+xELiFewzCk6c5BVz; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_26288-12182

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031781&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031781&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031781&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=YViVdczeMymA87x6QvIOVTY+8wKHYUpvD5nHZEU%2fh7lIcYv%2fk3meZ68gv6GpbDAW; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27527-6552

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031784&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031784&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031784&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=kY+y%2fTvDTzWFeVuEbZkxTqcA6TBddMoYj1RCCuWPJBveq%2fkxOMKrI0JeZnbYhEhz; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27669-47925

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031789&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031789&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031789&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=tD8O1FLCwzZiTIPc2e+gpcVH2fJECALCNUom9PYyhOWdiZjn%2fe718wobwVsO+ob1; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27590-9990

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css

23.36.79.24

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37102 bytes)
Hash
1524d2feddb5b31daa9fe7c4fcb562b1
45717724083119d92a3e2e5e7b65724ae0333b84
ddb56ac96f135f1dc6eede90348813730b1a2744bdd3e5f20443dbc6010820a0

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=BSLamZdNKabtTxVCXhMFFA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css

23.36.79.24

200 OK

23 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23136 bytes)
Hash
1f394d5e622516de8455a0adad3ec3a4
6ea419e3813723cbe7bb8e2b1a55007c27de2cf5
f5e90651778c28c44a8527a67cf1e6ca98e3f444079e453f4005558e66437e2c

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23136
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-5a60"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xdXYtmYq1EXOP2jOta2Jnw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031792&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031792&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031792&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=u3CHTDXjWsRARulVzhjDAHIdZ044ymqMBE0TGCTj4OGA2AnjwxBkruAclYBZ4eZP; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27353-4964

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js

23.36.79.24

200 OK

3.6 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (7300), with no line terminators
Size
3.6 kB (3646 bytes)
Hash
529a7c0a23255dcba4b28d93223b1baa
d42dccc998c4ef14ccd29ac23dad922646aff36f
efe09028974baf21caabbc06eceea0e8b01d1efd9102f7985743241f6cc8abb2

HTTP Headers

GET /accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3646
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=i1B6UAhPqtK6cFOJ6Cjb%2f%2fyfFqzmXRlkH4XcoKYyEV+yvqUjuDy0Z7rpIck3gy1O; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031795&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031795&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031795&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=USGT6mjNqUtRQZAmdkURqrwhUBcF4k9hsPxeU%2fKm4hwJrjYBdV5HZrCywlf1nRdk; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27669-47935

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

23.36.79.26

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Xexulm2nSUkrXTeLUrwdcg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031799&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031799&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031799&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=jVGwDSotxHjag%2fVSW28XBcH1AnaBYXVUdZ9Bc9LF5K78PamLRbkMhMg3tPeGua7h; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_26288-12196

static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1

23.36.79.26

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bqAvJ4k3OWTxd9PcwtUIOQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031805&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031805&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031805&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=%2f2Hulz+4wSjORzyrokNcvxd85l22bCNaCgLR+DKwBDDvbJPv37pALBjkEW9cUT+Q; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27669-47939

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031802&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031802&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031802&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=SVw+dXfWRkz%2fzyiNak3KPJfj60gNO6661hrcDxicn7NOrwYlyAE+UtSdljjprafB; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27527-6559

static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153

23.36.79.26

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GfQ6b6HVpMtIZA%2fYmJsx5g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
6fdb9b8e1963d5f13d91db22e9294f97
f808d36103005c224eb6f7e4543d30271d2957b0
7ca8f99e7a6c7664a782af94d7b833d3a6374601a8a3a5cd382726d5d7fa3030

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 13:42:55 GMT
Expires: Wed, 14 Dec 2022 13:42:54 GMT
Etag: "f808d36103005c224eb6f7e4543d30271d2957b0"
Cache-Control: max-age=561741,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7761bc813815b506-OSL

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031811&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228805-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031811&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228805-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031811&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228805-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ui2cJ%2f0jc5po71w5%2f6Icj7Ec5K29YSXV17+dgl0rP5lUhHrZwgd7cI85Wc53Imoc; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27590-9998

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

23.36.79.24

200 OK

607 B

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 02:46:08 GMT
Vary: Accept-Encoding
ETag: W/"638eacf0-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=x2dVZXgC2vQYj6FP8+QXe9Ria7iUe25HSHM0yBHfzBXdrccMPg2dmVNqAC2T+YW3; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031814&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031814&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1670463031814&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=uLSNcHqkPkUljA7AbT7xVZvPM9FsgD0ojPEbM3k+MDt1vaIJyT4+xDuVJ1NmLED4; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27353-4972

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js

23.36.79.24

200 OK

299 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
299 kB (299256 bytes)
Hash
075b5111b9edae7527599ba8fe2027f8
16f74720f0a7cd715ce41508159518e81568c17f
c16be83aac3e6b97452902a3bebdc9b28a66977979b352a709d04b09c20287fd

HTTP Headers

GET /accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 299256
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-490f8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=OZtRBFOR4fDL52rjTOEF5nHQMBTKCMHKn5Mpo2vSMtYC0hdbvFG1IfJBEXIenF6r; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031816&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031816&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&cb=1670463031816&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 07 Dec 2022 01:30:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=dNg3evlFqbtgaDroKcGpOb8hjdywP2%2fgbvJBOvExULz8HlsBPnSMt%2fbvJqsJm0Tn; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27669-47949

static.wellsfargo.com/tracking/ga/ga.js

23.36.79.26

200 OK

20 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=kHqiCtgVfU8vEA684k1FUw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.131.129

200 OK

175 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
520a9f07b7cf32685fd72ffbba3c46c6
6c420e16e764a6c5489911da5a52bd02d5acd50a
d03039ab383a2b72fe8f41943c2fb8e4440f6e8ab0084aba77082ca3b5bb88f4

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------32012151561852940673813912714
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Content-Length: 169
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670464830094$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067726%7C6%7CMCAAMB-1671067726%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-144558651%7CMCOPTOUT-1670470126s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=H1VGlShsQPfwfhnjjmjy%2fzcbdmsY2hNHNZaQ19Nd1zqEWNjt17c9LbWsnE1GpgZT; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
_abck=32DBA9CC010EEF8FB4F53C1C3154AD86~-1~YAAQHWgRYAAZKoqEAQAAZw5b7wmdf+1OuQrI5cYiQEz4I7WFI0bypmZTQvxxOYcx5mHJsaxddzKpZL8A3WoJtsWrLg/Pai9Q1GQR5Xr3oUuP6sTeo7sHKBNRGA0lzSzErX6e03paoRbxTN7BdrMxZWSJHT4NqGXD1F6m+ji9q6xRMM2IuP3U+cj81Xo6lWYiS5l9GSzqqfuEWoekN4EyXi4dJvBRDh5iRxQTRQMZmFzDQ+OL7pjsAVMUWWjezZ9scTtcyUa5cBvbQtzQzIOUronckZMne/LBf20LXLkdjQQl0k6zJU3SYDe14px476GqJ2OZbZNI6d5mGWMgltUTKQyzwcx3u1RohXUEPtDqaMFVxRO9VnMXoTSQSArs73Gd3Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:32 GMT; Max-Age=31536000; Secure
bm_sz=60760AA0A3FFEA23E36C8F40D9C9CC75~YAAQHWgRYAEZKoqEAQAAZw5b7xKBnDKATgPxPFdfKMjORJU04HvW0v1GfTx6B8mosusF/LEnapK2jsFxaN7LIFcFSLWU9AhaSPFrByfXCoBebud/DxsWl4e0jIp3fB6/Zj0vrZCP5gOR867rz/fK4+8D0fCdYmOX3rZ8zoXrVxTEXeVn4r6mWBOWyeW4RWJPQNWXA6YLcHheJDLSKN79qOaKEywzjp9oKmuep0NLzBW6GAdbDSBRoqbBUlcSr/E632ZE8OLT61wGTWiqL7BZEo79WvmUSIkv2BG3BjiOvjA7pEJlDWQa~4408885~3422007; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:32 GMT; Max-Age=14400
X-Via: 1.1 bl21:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_26288-12207

static.wellsfargo.com/tracking/ga/ga_conversion_async.js

23.36.79.26

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=nl3QUK+SCKfgTK0Gpcwj%2fQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3%3A1&_cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576&pv=2&f_cls_s=true

23.36.79.18

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3%3A1&_cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576&pv=2&f_cls_s=true
IP
23.36.79.18:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
3c7de0da45dac4f443802a7395c99728
305a5d622c46c82c68ad752e0028708f0c1d8b8f
becc235a51185f117f447bd43c33976fac7011497f30737d890df7553d0d9164

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3%3A1&_cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Set-Cookie: _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; Secure; SameSite=None;HttpOnly;Secure
_cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3:1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!9FyyziyyLvW0LSPjbMKMZ0gdoDa2edHi3nvU6X2uaGRKtPNdGk/bU6OsYM74AOEvmSS3/a271XogCCU=; path=/; Httponly; Secure
DCID=G7xL4txHmODFPsaij0PrceZUVsPleMw3aigLsiir7bE%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/as/jsLog

163.171.131.129

200 OK

0 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/as/jsLog
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 343
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670464832197$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22Rht9Suog8yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22d3dDNUdiNWtwd0tWeGVnVw%3D%3DmocYQsBjzTFrDZ8enOqhFYSIg28ijRBN0lB22HjtKvJKYDgIjLXKGIJLRlZW2pfPnnYhSp4EjM_UYFPYhq9uH0XVmQWQ6M7zfuU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067832%7C6%7CMCAAMB-1671067832%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C582093503%7CMCOPTOUT-1670470232s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:193; _cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:32 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-01dae6b9-3ad4-485b-a027-fd3225be0045' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:cf13dd3d-ed1d-4855-99fd-3ee3466dd5dd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:193; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0c5f588c-bb88-48b5-98b2-f2d2ab8e2bc4; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0c5f588c-bb88-48b5-98b2-f2d2ab8e2bc4|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=797191FB47C7F85EE441B260D88D67FF; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 08-Dec-2023 01:30:32 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120221207173032347337870; domain=.wellsfargo.com; path=/; expires=5 Dec 2032 01:30:32 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:9; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTs=R:27|s:f; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:9|d:0; Expires=Thu, 08-Dec-2022 01:31:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!eSujCmMhUuzgBlACM1DtwKm8Wrr89wvUBiLJjyrBvzoxKcOaNibKCm8fDcz1B9ddJmyfUwd0K8fTKeg=; path=/; Httponly; Secure
DCID=J+jFcW8z9SatQp0upXdyY62hOg96AbZA+i2JJyz6hk%2fJcJWfV6OfZn4sZgXiqNIG; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
_abck=EA24520171482224A7F44A7E9958EF20~-1~YAAQHWgRYAIZKoqEAQAAjA5b7wnr95ZQg4eEKo4kC5YDleDhhL/F+UI3hhyHNhF+zNg2/9K0wWHFZnQowOtYV4k+vM2cKnVB886dxgP1oAyRDtnl5crH+kOzxSIddP5EYDHtA8BZ6G1TeE2Iv/xUWRE9LCprDyrCBUQpz85RidtIHaEZyL+VdPNBYcPv/fGPcIlhTnWZoQFrlDqKZI+Z2XdqYCwOCMuIeMPVr8jJLurjmFAQ1oX/9hx1RMMHrfmcRuh072LKpJMrMm+HvwqBgeB/RZHllQTMDorqbSBMmovEPDNn4+n/atTX/qppoFnAhArs17dz9xVDHKYxtq+w1PUNyd3HI0y1fhdDltJpRgxnRTIjbbihvWdsYRdb/szG3g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:32 GMT; Max-Age=31536000; Secure
bm_sz=AD4940C3CD35296441CA3ECDC1A7CB8D~YAAQHWgRYAMZKoqEAQAAjA5b7xILmDwh3zyn1j3RLpDzjwz+6TLjuBvalz9ZpVf+S4OQQcZ9F0qnfSwyv8lH1pmI6fRWP8HhToJKfXRQZmyBMN9/uZRqph9hNYgzpyTUQJPsH0xK+zfDQbh0XP1obWcI+1N0nqec/vMPGpqkqbM9IswpqIVLV8HB6GMuLC25xgNAyfRdawd9N/K/M49yv0ANuNM90+Wn2DR/bsLWyU2wji5Ym9w+ykg4fuG8Kcdc1MmfEbmTho2tifG4y9DdasA7jbZTl4rQIi5/dcCSK/3h9B24piE3~4408885~3422007; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:32 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e38_bl21_27527-6571

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
38d1c089860ce360f5266ae101ab05ca
31705702b50e1c818c052b6d2a23f22583aa07d1
097ac1bb8edd3ef2e02fa551d824a0104c6995e130f9cdc4bcfa65583a9785d0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js

23.36.79.24

200 OK

185 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
data
Size
185 kB (184798 bytes)
Hash
a19b4a6c27841f990c8954de4c052b81
e141670e58498aeebdd94f3e24972b999d0ea91b
a3f89dfdb97fbb04635e44ac908a90b5dc1c76b3b2d3b4eb8f380b8893bc68dd

HTTP Headers

GET /accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310941
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-4be9d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 01:30:32 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=S%2f83Aaip6BwsEt78315VDlkDZ+Im47kAdnebglbHXLW8Ud6PFgS+Q8Ee0ocFckE%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

23.36.79.26

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8oLuCOBrWmdiH3he18v7BA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=531608918&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALBAAAAC~&jid=157219791&gjid=1044564630&cid=8318349.1670462927&tid=UA-107148943-1&_gid=115383961.1670462927&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=112022120717302992137691&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=8318349.1670462927&z=1739001508

142.250.74.110

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=531608918&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALBAAAAC~&jid=157219791&gjid=1044564630&cid=8318349.1670462927&tid=UA-107148943-1&_gid=115383961.1670462927&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=112022120717302992137691&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=8318349.1670462927&z=1739001508
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

HTTP Headers

POST /j/collect?v=1&_v=j92&aip=1&a=531608918&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALBAAAAC~&jid=157219791&gjid=1044564630&cid=8318349.1670462927&tid=UA-107148943-1&_gid=115383961.1670462927&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=112022120717302992137691&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=8318349.1670462927&z=1739001508 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
date: Thu, 08 Dec 2022 01:30:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b9083cdf8a3f174763927ae3e9ca3934
1d1ca843e0517b384f693ff52b55fcafc48f9ee7
0f42326e84100eb58e3ac1d2eb5e21f7f0ba3502ddea7f607627a465cc234801

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js

23.36.79.24

200 OK

221 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
data
Size
221 kB (220644 bytes)
Hash
dc27774087f24ac3f4fd921c79f72495
ea51c79776f0943bdae223e62b8747dae86ec37a
d8c6fafd3cf22e167d8c35972bfa3951f7f47ac40603d5014ffcc14a166d9a52

HTTP Headers

GET /accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365187
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-59283"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=DM85WTUOfyxcOyry8H2YYK1Wedh6pTlquI%2fEHXabsCFSpgsqU1wqE5Ddne%2fnuL34; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/glu.js

23.36.79.24

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37011 bytes)
Hash
90f645e6c9e4d4b0d970a76eb527e135
082298a1460081ac969e17c5809a7c95fc8ffa05
cc8dc8105918d2a1790d7bdedad05a2530ed31c4fd93ec07c01b3fc75634fc15

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37011
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=%2fEquyLYlp6njtfeU3yNf2vRqr%2f86sd9MVRjsyrWSj1vTATt7Hl0YKWsfaRsLdkJs; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=8318349.1670462927&jid=157219791&gjid=1044564630&_gid=115383961.1670462927&_u=wCCACUAKBAAAAC~&z=1573234080

108.177.14.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=8318349.1670462927&jid=157219791&gjid=1044564630&_gid=115383961.1670462927&_u=wCCACUAKBAAAAC~&z=1573234080
IP
108.177.14.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=8318349.1670462927&jid=157219791&gjid=1044564630&_gid=115383961.1670462927&_u=wCCACUAKBAAAAC~&z=1573234080 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 08 Dec 2022 01:30:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.6688844930898981

23.36.79.24

200 OK

56 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.6688844930898981
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
56 kB (55573 bytes)
Hash
2e8e65d2784f65042bec4650b63f72b2
a389d0ee9616f3f3f98f8a5b5942059d2efffc04
3bbb50980f40f4a824dfd8106f0ebeff6007f908d8a237482525a2629992486d

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.6688844930898981 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55573
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=rGX1Xm%2fwDL4sYQhGlnBGrL31MSByKevlWP3owKeqZDYr7RIDKTVP0r2YJzmcWsOY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=866715562787;gtm=2od8g0;auiddc=808933356.1670462927;u1=112022120717302992137691;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.8318349.1670462927;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F

142.250.74.130

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=866715562787;gtm=2od8g0;auiddc=808933356.1670462927;u1=112022120717302992137691;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.8318349.1670462927;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=866715562787;gtm=2od8g0;auiddc=808933356.1670462927;u1=112022120717302992137691;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.8318349.1670462927;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 01:30:33 GMT
expires: Thu, 08 Dec 2022 01:30:33 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.47435318577464447

23.36.79.24

200 OK

42 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.47435318577464447
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42437 bytes)
Hash
1ec55f826cdfab1035a20b55e8b88102
c6ac7df0158145ff308b42ee8b019d20bb97bd66
e7b01fb97c9abaaada69baca95e8dc98192179adbb6eee3d7bcea92b21bcde7f

HTTP Headers

GET /PIDO/pic.js?r=0.47435318577464447 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 42437
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=+h2%2f53I5YW0XV1Tn5HvPNEOdQCQlISZadeBLUe+8MPyZd2xfIG%2fNTDzVQEXPg419; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
47ca575e4e17f0d22c64cb660e7a09e7
4dcbee84c5dba4dc2d9e647ff157302b427e869e
5e7f53f02ba783b9bab5cd6670ce0dcd230bd0f9c54fde6c0c1f3ba1523fee63

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 652
Cache-Control: max-age=140741
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Etag: "6390be71-1d7"
Expires: Fri, 09 Dec 2022 16:36:14 GMT
Last-Modified: Wed, 07 Dec 2022 16:25:21 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
47ca575e4e17f0d22c64cb660e7a09e7
4dcbee84c5dba4dc2d9e647ff157302b427e869e
5e7f53f02ba783b9bab5cd6670ce0dcd230bd0f9c54fde6c0c1f3ba1523fee63

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3927
Cache-Control: max-age=144015
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:33 GMT
Etag: "6390be71-1d7"
Expires: Fri, 09 Dec 2022 17:30:48 GMT
Last-Modified: Wed, 07 Dec 2022 16:25:21 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEB3Zkh1NWpzRm5tKzB4a28rcjNtL1NKZmZDRHZNRGtqb2ZYME1Ia1pvano5OE43T2lpcitZYzNsNEdRc2FQM0swa2YzVHFZV0dEZlBqRkNpY1p0NmRHZUtZdTBHUVQ4RUF5cDFZcUhPUGlnMmxLYWpjZ0FkNjNhN3NKSnJUSlpPaDdLendxcTA5N01jcnIvUGxKMThNWGw1YUJXQURTdGtqZjhkcXFzT0tNUkRyeFA0R3BybmtKejh6R2dpd0xFUi8rVkRmayt1NUV6N1I0T1Qwd1ZPMGNrSy9QWThncFdyeExyemE1dll4aFFjcW5JaGhaU285ZHFOY1dEZlJvbWpnNk55bXArbkVmdVQyS2JId2g2eENPNXJBNHpnMjc0OGJCWEU2TjQwPXwzZjY4MDQ0ZDc3NWM1YTQ1NmM2MzMxOTVjNTFkMTI5OWNjOTEyM2QzZjdkNzM5ZmY0ZGY5YmZhNzI4N2U1MGRkZGQ3OWIxZGJmYzEwNDIyNGQxOGY1MzNhNWU1MTk5OWFjODk0N2FkYmM4MDE4NGE3ODVjYzZhNDhhYWUxMDY4NTUwYmQ2NjJkODFlZTVlMGEzOGRiNzY5MGNmMDlmZTRhMzFiZGYwNDgzNmRhYjQzNGY4NjczNTYwYTk2MTZlZTgzYTJmMWZiOWQ2MGFkYTc4OTM2ZTBiOTY3MDVmOWIyOTlmMmNmZDcwODUwYWE3M2Y5OTAxZTRlN2EwNzI2YThkNTlkOGZhODJjM2I2ZDIzMTBlMGM4NDNmMTJhMGZmMDI0MWM0OTUwYWFiMzIxZTJjMWVmZGVkNDIzN2EwOTlmYmQ1ZDcyMTJkMzg0ZmI3Yzc2OTIzZTU2YzUxOTk4MDg5Y2E3YmY5MDFiNzAyYmVkMzM0MmJmNGRjMjVmZjU5N2NiZGI1MTQ1MWFlYWQ5OTJiNDhkYmZiN2E4MmEyOTY0N2JmMmJiZTBlMDRiODI4NzJlMmY1NDhjMjllMTUzY2ZkZjM5YWMzZTUyYjMyMTIxZThmN2ZjN2ZjMDlkNmM1MjA2MGMzYTE0YTFiMTM5YzM3Mjc0OGZjODY5ZTAxZmQyMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com&t=jsonp&c=ihizgeur_qxuboma&eu=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F

23.36.79.24

200 OK

90 B

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEB3Zkh1NWpzRm5tKzB4a28rcjNtL1NKZmZDRHZNRGtqb2ZYME1Ia1pvano5OE43T2lpcitZYzNsNEdRc2FQM0swa2YzVHFZV0dEZlBqRkNpY1p0NmRHZUtZdTBHUVQ4RUF5cDFZcUhPUGlnMmxLYWpjZ0FkNjNhN3NKSnJUSlpPaDdLendxcTA5N01jcnIvUGxKMThNWGw1YUJXQURTdGtqZjhkcXFzT0tNUkRyeFA0R3BybmtKejh6R2dpd0xFUi8rVkRmayt1NUV6N1I0T1Qwd1ZPMGNrSy9QWThncFdyeExyemE1dll4aFFjcW5JaGhaU285ZHFOY1dEZlJvbWpnNk55bXArbkVmdVQyS2JId2g2eENPNXJBNHpnMjc0OGJCWEU2TjQwPXwzZjY4MDQ0ZDc3NWM1YTQ1NmM2MzMxOTVjNTFkMTI5OWNjOTEyM2QzZjdkNzM5ZmY0ZGY5YmZhNzI4N2U1MGRkZGQ3OWIxZGJmYzEwNDIyNGQxOGY1MzNhNWU1MTk5OWFjODk0N2FkYmM4MDE4NGE3ODVjYzZhNDhhYWUxMDY4NTUwYmQ2NjJkODFlZTVlMGEzOGRiNzY5MGNmMDlmZTRhMzFiZGYwNDgzNmRhYjQzNGY4NjczNTYwYTk2MTZlZTgzYTJmMWZiOWQ2MGFkYTc4OTM2ZTBiOTY3MDVmOWIyOTlmMmNmZDcwODUwYWE3M2Y5OTAxZTRlN2EwNzI2YThkNTlkOGZhODJjM2I2ZDIzMTBlMGM4NDNmMTJhMGZmMDI0MWM0OTUwYWFiMzIxZTJjMWVmZGVkNDIzN2EwOTlmYmQ1ZDcyMTJkMzg0ZmI3Yzc2OTIzZTU2YzUxOTk4MDg5Y2E3YmY5MDFiNzAyYmVkMzM0MmJmNGRjMjVmZjU5N2NiZGI1MTQ1MWFlYWQ5OTJiNDhkYmZiN2E4MmEyOTY0N2JmMmJiZTBlMDRiODI4NzJlMmY1NDhjMjllMTUzY2ZkZjM5YWMzZTUyYjMyMTIxZThmN2ZjN2ZjMDlkNmM1MjA2MGMzYTE0YTFiMTM5YzM3Mjc0OGZjODY5ZTAxZmQyMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com&t=jsonp&c=ihizgeur_qxuboma&eu=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
90 B (90 bytes)
Hash
99e3ad1eba5f8ad66fbbc785d5ae011b
48843c9b2a82cedb0592addd87390fb367e6d001
e3f728d10ec2920abd1eab50a9e1ace303b0c9da332fbc4557fef7ca41c3a728

HTTP Headers

GET /AIDO/vyHb?d=ZW5jZEB3Zkh1NWpzRm5tKzB4a28rcjNtL1NKZmZDRHZNRGtqb2ZYME1Ia1pvano5OE43T2lpcitZYzNsNEdRc2FQM0swa2YzVHFZV0dEZlBqRkNpY1p0NmRHZUtZdTBHUVQ4RUF5cDFZcUhPUGlnMmxLYWpjZ0FkNjNhN3NKSnJUSlpPaDdLendxcTA5N01jcnIvUGxKMThNWGw1YUJXQURTdGtqZjhkcXFzT0tNUkRyeFA0R3BybmtKejh6R2dpd0xFUi8rVkRmayt1NUV6N1I0T1Qwd1ZPMGNrSy9QWThncFdyeExyemE1dll4aFFjcW5JaGhaU285ZHFOY1dEZlJvbWpnNk55bXArbkVmdVQyS2JId2g2eENPNXJBNHpnMjc0OGJCWEU2TjQwPXwzZjY4MDQ0ZDc3NWM1YTQ1NmM2MzMxOTVjNTFkMTI5OWNjOTEyM2QzZjdkNzM5ZmY0ZGY5YmZhNzI4N2U1MGRkZGQ3OWIxZGJmYzEwNDIyNGQxOGY1MzNhNWU1MTk5OWFjODk0N2FkYmM4MDE4NGE3ODVjYzZhNDhhYWUxMDY4NTUwYmQ2NjJkODFlZTVlMGEzOGRiNzY5MGNmMDlmZTRhMzFiZGYwNDgzNmRhYjQzNGY4NjczNTYwYTk2MTZlZTgzYTJmMWZiOWQ2MGFkYTc4OTM2ZTBiOTY3MDVmOWIyOTlmMmNmZDcwODUwYWE3M2Y5OTAxZTRlN2EwNzI2YThkNTlkOGZhODJjM2I2ZDIzMTBlMGM4NDNmMTJhMGZmMDI0MWM0OTUwYWFiMzIxZTJjMWVmZGVkNDIzN2EwOTlmYmQ1ZDcyMTJkMzg0ZmI3Yzc2OTIzZTU2YzUxOTk4MDg5Y2E3YmY5MDFiNzAyYmVkMzM0MmJmNGRjMjVmZjU5N2NiZGI1MTQ1MWFlYWQ5OTJiNDhkYmZiN2E4MmEyOTY0N2JmMmJiZTBlMDRiODI4NzJlMmY1NDhjMjllMTUzY2ZkZjM5YWMzZTUyYjMyMTIxZThmN2ZjN2ZjMDlkNmM1MjA2MGMzYTE0YTFiMTM5YzM3Mjc0OGZjODY5ZTAxZmQyMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com&t=jsonp&c=ihizgeur_qxuboma&eu=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=2aDa%2fnZ23ahSb7DPQGJvVMgtgGLhf1on2e6AOJ%2flayjiuR7128TuaPWs2ndzFoD7; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:33 GMT;Httponly; Secure
_abck=459B6CEEF45B2B9F2EE6CDC3FCBE3FD7~-1~YAAQFE8kF6vFEYeEAQAACBJb7wmlLdaQ9Fh3O1jSjdEIroOoj58LfR3XSNIygkwtyLI0NhAzF56pjtUV1+UVJZZH+x14rU7iQrEhIjskuQOdMDubIPvScIqQ1Jfm3zILCtoYcnrrboSwHclZrQx4z2S3XckQZjK06PGJr5mqveuFlLON0sbF52NWZC5s1Z5YUSmiaCqZANxDEyC3xDVF2FTvCCZIgcA1Zh0Kcu3/FtoGkx3BKZ79pIpfhSAQFmCMmjhArEllB902dSSe5E/cdMi6YcMQ2T7uGQyn3owjajSjuYFMLPRDcMMHLj5II0ZtIkHTln3ppydBY1fNd1ZXgIz7L8t/fDsqsk1sraMuU/sXu830Niw5+1X1Rx5jB8OVbw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:33 GMT; Max-Age=31536000; Secure
bm_sz=66C19C4B078D1AF5CDBD0D46DB8CDA31~YAAQFE8kF6zFEYeEAQAACBJb7xKupct5x9vjgaWlRTx3kY7+LCszKK3LCipcslxlnYCBtJC9gxsEiYHfEF+nV3C2ZKS1fEp2F6nhJRUboNcwZW7U7RkEYru9r5shDvZvkc+pbXM2QSyxXWVFMhge5pe1xVGPFDqvobtnlSWX8P0GMRJ+IQM982iTPNti6/wtgMeHdltIJI0qxNmK4BOr3Jc2AJIjvApwfv7hZTPiARq2dMzEyTA4K3w1P+Xf0evs5lJdPDvR85Lw4szkxa6qYoEwMV+ux5IIwXRdqLlUCiIuAQuz5JEG~3293495~3359542; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:33 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/jenny/nd

23.36.79.24

200 OK

17 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/jenny/nd
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2285)
Size
17 kB (17012 bytes)
Hash
862309933e03f65952380d18f0e816ff
a1253923cdfaf5377d10fceaa9af7e60ba9d7b76
82254d79571805a998ae22b2bebe0487ff1764083c5e590ef519281da04dcdf9

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17012
Date: Thu, 08 Dec 2022 01:30:33 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:b8381dd6-84a9-4c03-a7d5-d2a75a492f9f; Expires=Thu, 08-Dec-2022 01:31:03 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:b8381dd6-84a9-4c03-a7d5-d2a75a492f9f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 08-Dec-2022 01:31:03 GMT; Path=/; Secure
SameSite=None; Expires=Thu, 08-Dec-2022 01:31:03 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Thu, 08-Dec-2022 01:31:03 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Thu, 08-Dec-2022 01:31:03 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=aaAQIybzXpBkr0uUEI5QWPvgQa2NmhWFKndIwqj3h0ebKpkUnWdFR4biOdg5rbOO; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:33 GMT;Httponly; Secure
_abck=E6B73F53F1D95E9D8855EF9493E75666~-1~YAAQFE8kF63FEYeEAQAAIRJb7wlizXJ2L6YtvTV2I8JBuvow6atdPh/eZ2ja0wGHtxpT+riCE9ouIECPuB7VvUSZFT9HUMRoS7sWg6vgDx34mhq+8iki0YNziLEBKd6bRlW6O4lOrvLyFPi+1gpCuJY05CwgoaQzF+wF0S/8Te25qb0RPp2D9qsl1mi78ivfi1Cv7/axEp7Bn9zRblqC2YhhhV8yjgZMjfMG5NjBUcoNU715vtCL/4Fd4aFZJSQ3+E+WVnLHfQ6FDcUjMnB2GOyuXibXx+XcwObWvFQS+PnODEozelUgpR12fa3jllKnW/FBq0efznRZmCwZOl6pE169mg0QqGpwlTS2uuMYHZe3JL4ulX3vsu4nlpSq6eE9pQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:33 GMT; Max-Age=31536000; Secure
bm_sz=125B084B7DD169D8A2EAF545304D8F2F~YAAQFE8kF67FEYeEAQAAIRJb7xLgIokxj54VKkdIixS9RPHE9ZFq+ETfltYwrLWrNkjram6Dd0bRp4JOx0PGjF89Lr0BWyTBBwg7QiarK2Gmmbxxqe/4s6VvyccyQO7VT+J44oLPkX7LkV0D7vvLPwX+jZoodHmaTz5ZzkGF2Vs4eaK0SxdABAw0mbizHqjzdZnmzzCyRGcYKcoZ+HmPzU+vPAn7EKom19f3PYvk9vSgQ5ng/XaxD5vMmIrb7JILsaArSByGGxab6wkxDeeTWjwFXzAVMOXoi3lURieLcXOk2Dx8Rlto~3293495~3359542; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:33 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6044
Cache-Control: max-age=98919
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:34 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 04:59:13 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 01:30:34 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670463032635&cv=9&fst=1670463032635&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1

142.250.74.162

302 Found

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670463032635&cv=9&fst=1670463032635&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/984436569/?random=1670463032635&cv=9&fst=1670463032635&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 01:30:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1670463032635&cv=9&fst=1670461200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--6f49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1522814346&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 01:45:34 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=8318349.1670462927&jid=157219791&_u=wCCACUAKBAAAAC~&z=1809060263

142.250.74.67

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=8318349.1670462927&jid=157219791&_u=wCCACUAKBAAAAC~&z=1809060263
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=8318349.1670462927&jid=157219791&_u=wCCACUAKBAAAAC~&z=1809060263 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 01:30:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3041a0828d1aeb289bac655852c04bbb
e7ac7db3b4861c0c269170a4b9f9cfcc07f30647
07600c5e37975e1e64911afe5150beb53526a4c552295fec54cda73347ebd833

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2337
Cache-Control: max-age=95212
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:34 GMT
Etag: "63900605-1d7"
Expires: Fri, 09 Dec 2022 03:57:26 GMT
Last-Modified: Wed, 07 Dec 2022 03:18:29 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
81a7e0ed8b45460991a7d9b719423d48
fa4824b64d5484b955cecebbeea06710ced4fba5
2fb356139722003d5c83566b936968a5ce9ba3756f69ace50a53bea6c1b9f7eb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 01:30:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

44.239.15.23

200 OK

68 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
44.239.15.23:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
68 B (68 bytes)
Hash
1c56c7fb90221afddf56da30158ad2ef
8a845fff26270c2638fd6ec75423cae4903a8f49
925eef11602c9b08e433a33ce4d5c86a5f2f8b1dd959a04b0fac5490cf688f6e

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 01:30:34 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.131.129

200 OK

164 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
164 B (164 bytes)
Hash
d43cb51e15e14a2578dbc2b1dec3e9ab
6fd83720d43daa60e0c8de395ab995c71471f98b
ce764a3de4551103925ba43634b5ca362ba7bc25c480c80e3a450d1e63819567

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2042
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670464832197$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22RhtGaPUK3yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22RTFjRWlLejdHOElTYlRRMg%3D%3DdBtcAV58FtPCdM8PNZLGG6nMHw4PgPYURndpBh1sGc-Yq3NlEeYw23hO47haA7KMn9mv4WCsiB3CXh0z-tbbo71Z0TqJmtiM__8%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067832%7C6%7CMCAAMB-1671067832%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C582093503%7CMCOPTOUT-1670470232s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; _cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ADRUM_BTs=R:27|s:f; ISD_WCM_COOKIE=!eSujCmMhUuzgBlACM1DtwKm8Wrr89wvUBiLJjyrBvzoxKcOaNibKCm8fDcz1B9ddJmyfUwd0K8fTKeg=; ADRUM_BTa=R:27|g:0c5f588c-bb88-48b5-98b2-f2d2ab8e2bc4|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:9|d:0; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiSFF5SGg1bjN1MW5maFRnbzBRY3Z4Zz09IiwiZSI6ImZDMW5Majg5U0pwV2xDek0yelYrdmdidDJOMXNGYjRVVkxzWXI3WGpQVE9KUGJSMWhXTjVMc3pPMUxTNEpKK2VKQXU4c0haUEx1UVlKemJjXC92R2xkQ05BdnZyUmpvaklKNGdVUTByS0t0cEtaMHl4eXFLSmg0T0RWZFd5VVwvMlpMR3JsYStTaGVZY2M4cTQxMytKRFNBPT0ifQ%3D%3D.f6d74c7d0e0a5b63.YzViM2Y2ZjNhMjBlZmY2ZWQzZTViYWJlODVmNDUxODFhYzFkMTQ0NDlkOWU2MWI4YzU1YTdiZDgyZDRjNThlYQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 164
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 28
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=EgrKBYRfZ0lw5++CuEwOALGAmEJzizBSD+lxtCMwOlUjnhgczgJQH7SBKkFFGFla; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:34 GMT;Httponly; Secure
_abck=F7DD42DC280F2BDAF8116325B2F6682E~-1~YAAQHWgRYCkZKoqEAQAAbRZb7wl9oeKAxGsJs5JPBjTflyaemEJwL/sCp6ACMk4X0y6FGD886+XLl4wffCblDwM/9jFrYeGx3uwQ+WNnbPj4GqnmYt1d4tYsYdn4hvvwQ/zZFixPyzzhJ/P2Zb2zy/cvJjRj7diFIilo19UF8RiHVcDXWs7u//ivEqKLTuIRgkpDrgi6qwh0Et85sDwMH0kW2s78EXeSl2AResDNsP0BftqEPmNR/4c0Bh8KHJ8rMdD2a6w0+kB/czqQ897GyH9ksK0MMtYfKIFeAABJHyefOY9fkLq7tLJky0t7Fgn2ZHosHmhjyA68PZAmpPa5zkYRXM5tgdpETZPVPpytwN3bKMbd0wpRSae07wmpO3UJxw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:34 GMT; Max-Age=31536000; Secure
bm_sz=D0EDBDE69D0F92D23CE6D2018D332E57~YAAQHWgRYCoZKoqEAQAAbRZb7xJJRrGnHtdfAzvNFbJYIoyVoTZrPIB/+ch9J+0K96AO4JWN9y/Af81EckdRQYFos5TqKW4kGlkS6LhLa5PI05bWEm4U7897cTPIys/4FrzIvtpQN8H8006lqwgU88uYvPu3xZ/Luw2frtzpGW8bvCCsKa+yaD8hQuXodWlhf+OkpoFyc2qE3D4oM/alD3G8g58mRLF8sClXJvcqigAo0JeoZdMnV1a+z14P3MlRpH0kT68OO/vKOWWEu9kt9un+QeyezLTYwGtsziq+4irXqzYWjKxn~3683640~3355713; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:34 GMT; Max-Age=14400
X-Via: 1.1 bl22:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e3a_bl21_27669-48031

www--wellsfargo--com--6f49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.131.129

200 OK

265 B

URL HTTP/1.1
www--wellsfargo--com--6f49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
ea0e6a3377f3d0adb336a619bf773dc6
f67f5a14ecb1f77af4a580b9649b638ae3db0cd7
3e4246fff744807de415648354361ddbc310d181609ab708bb082cf15dbc8e17

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--6f49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Content-Length: 1424
Connection: keep-alive
Cookie: utag_main=v_id:0184ef596ae100a383b1150029a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670464832197$ses_id:1670462925538%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQUZeox3%2BlzJ8CmqwjXEmPpjEKXVyG3DywNl8WTytZg%3D%22%2C%22_s%22%3A%22RhtGaPUK3yrPRW%2B0rgVCmH7%2BF%2BOk6x2j0H8C%2BQ%2BEpYIY%22%2C%22c%22%3A%22RTFjRWlLejdHOElTYlRRMg%3D%3DdBtcAV58FtPCdM8PNZLGG6nMHw4PgPYURndpBh1sGc-Yq3NlEeYw23hO47haA7KMn9mv4WCsiB3CXh0z-tbbo71Z0TqJmtiM__8%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%2C%22fr%22%3A%22ag9d8Oiy66tCORIDdJ6qug%3D%3DwG3rRchaCSAdqtmm-WiOYMmjLvw2kbNywTS2ZUeMsKUWmkShQoTpW41OA1L6Q1STdFqzuWDDWfNg-YkDEfl9sNwL_n7y0WA72LCKPG7YD3ZKRzQnc17obH0wMlXDbPVEBVQEA3JJ9YjGLO_605p7nfI_LVBPfaXk_Hbdr28rE3cExZjaYOCi2QRu%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPCa6Beu134B%2F0A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C34480036718994535530817953272492748768%7CMCAAMLH-1671067832%7C6%7CMCAAMB-1671067832%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C582093503%7CMCOPTOUT-1670470232s%7CNONE%7CvVersion%7C5.2.0; _cls_v=1f759a5d-66cc-475d-a4f0-7cb900fd5576; _gcl_au=1.1.808933356.1670462927; _ga=GA1.2.8318349.1670462927; _gid=GA1.2.115383961.1670462927; ndsid=ndsauid2m00p0nplbeehw9i; _imp_di_pc_=AdE9kWMAAAAAtrWV8pbdb5umZ0UkIj%2Bj; SameSite=None; ISD_WWWAF_COOKIE=!OCUKpwDCeGLvrpcpXMFYjsa6oia5iXcZF5v5DYXlzaUaQl/6GReoTuP323SX8QT1fT6GOBHXjLEfVIs=; _cls_s=5d7a0a94-036b-4234-ab57-b84477e5a9b3:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ADRUM_BTs=R:27|s:f; ISD_WCM_COOKIE=!eSujCmMhUuzgBlACM1DtwKm8Wrr89wvUBiLJjyrBvzoxKcOaNibKCm8fDcz1B9ddJmyfUwd0K8fTKeg=; ADRUM_BTa=R:27|g:0c5f588c-bb88-48b5-98b2-f2d2ab8e2bc4|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:9|d:0; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiSFF5SGg1bjN1MW5maFRnbzBRY3Z4Zz09IiwiZSI6ImZDMW5Majg5U0pwV2xDek0yelYrdmdidDJOMXNGYjRVVkxzWXI3WGpQVE9KUGJSMWhXTjVMc3pPMUxTNEpKK2VKQXU4c0haUEx1UVlKemJjXC92R2xkQ05BdnZyUmpvaklKNGdVUTByS0t0cEtaMHl4eXFLSmg0T0RWZFd5VVwvMlpMR3JsYStTaGVZY2M4cTQxMytKRFNBPT0ifQ%3D%3D.f6d74c7d0e0a5b63.YzViM2Y2ZjNhMjBlZmY2ZWQzZTViYWJlODVmNDUxODFhYzFkMTQ0NDlkOWU2MWI4YzU1YTdiZDgyZDRjNThlYQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 01:30:35 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UCJJu3HoHmnS4VWCUzmr8hNBGOrjvH7Rb97PydnY%2f3uHfQaBr7vw8HBLPInkjSn+; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 01:45:35 GMT;Httponly; Secure
_abck=C23FE0A3F96FCF968137F42ED749B5CD~-1~YAAQHWgRYEYZKoqEAQAALRpb7wlo9jJbniagtMlPCDEy2Yq6+djXT4jDK6eCj1sntxVx3DDwFTU05dxUgAdi94kZo9OgwygAICBvnN5AZrEflXdz+dbA0CLf1GM0DoR2Byn3G1dFMTdpZhaguX5fbrUZqg6k8rOMIhGnTMpjz8hTTwLXS1tU/ERRhKQyWn9Ngw8EYogFB7bcHrVa/r3qAaIFsGkr+vg6AUePm7it+srNfgnk2Gjz2FluDMChLiIHQVy16HtTkWbgltQZ32JSvIwi35JvHoNv/jWLzZs0oRDUv4nVZmHAor66f5YnxIZsLQKJzZQtVcj843KNTLu3I8g1FZtR3gpxz4ZmyGl3Lt3Yq7Q4EFB+9A9YIbzZcMYTaw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 08 Dec 2023 01:30:35 GMT; Max-Age=31536000; Secure
bm_sz=EB9309895990D3B9D49F0368AA20A508~YAAQHWgRYEcZKoqEAQAALRpb7xJKY/DQu9zJRCeUx0xAvScI28qsVTepYiYQsK/4IvT4HaolslF5V4BQrVkQLOkaXh96X4nq4GDpkCb3ez3noTDsWEaU0jZCH5g3rCE37TWlFhbxLizHfABHF2qsi3wnOgznXI82Gsj5K/r+xnQNQ4FnF1bX51tP2bOPQ+CzDzrI0ncs+rrf9DpE+cOMPXe30iOxY0ovsH5vtJAau2yNFXh1G86+AQ0/6ocRXA/pABFewuI5T7dgclfY4s6/m2UpvW1vz9syot4XvdVBCQb9p0RLIzKI~3622210~3683381; Domain=.wellsfargo.com; Path=/; Expires=Thu, 08 Dec 2022 05:30:35 GMT; Max-Age=14400
X-Via: 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63913e3b_bl21_27669-48085

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg

104.110.27.78

200 OK

0 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1385470
expires: Sat, 24 Dec 2022 02:21:40 GMT
date: Thu, 08 Dec 2022 01:30:30 GMT
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51

44.239.15.23

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
44.239.15.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 08 Dec 2022 01:30:34 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

44.239.15.23

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
44.239.15.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 14657
Origin: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--6f49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 08 Dec 2022 01:30:34 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:e7cbab94-6f40-4ae7-afe5-55f25211f207;Path=/;Expires=Thu, 08-Dec-2022 01:31:04 GMT;Max-Age=30
ADRUM_BTa=R:55|g:e7cbab94-6f40-4ae7-afe5-55f25211f207|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e;Path=/;Expires=Thu, 08-Dec-2022 01:31:04 GMT;Max-Age=30
SameSite=None;Path=/;Expires=Thu, 08-Dec-2022 01:31:04 GMT;Max-Age=30;Secure
ADRUM_BT1=R:55|i:559461;Path=/;Expires=Thu, 08-Dec-2022 01:31:04 GMT;Max-Age=30
ADRUM_BT1=R:55|i:559461|e:11;Path=/;Expires=Thu, 08-Dec-2022 01:31:04 GMT;Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations