Report - www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/

Report Overview

Submitted URL
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
IP
163.171.132.220
ASN
#54994 QUANTILNETWORKS
Submitted
2023-03-21 10:21:42
Access
public
Website Title
Final URL
Tags
wellsfargo financial phishing
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
37
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-26T06:45:04Z	731 B	882 B	142.250.74.130
www--wellsfargo--com--5g49329d48d6c.wsipv6.com	unknown	2022-08-13T10:25:10Z	2023-03-21T11:21:30Z	47 kB	704 kB	163.171.132.220
www17.wellsfargomedia.com	76964	2021-07-19T14:03:45Z	2023-03-25T10:35:11Z	14 kB	500 kB	104.110.27.78
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-26T05:18:47Z	2.0 kB	4.7 kB	192.229.221.95
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-26T05:32:55Z	680 B	1.9 kB	172.64.155.188
ort.wellsfargo.com	51778	2013-12-03T18:17:45Z	2023-03-25T03:09:55Z	952 B	4.1 kB	95.101.10.171
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413 B	5.9 kB	34.160.144.191
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-26T06:13:06Z	1.1 kB	550 B	142.250.74.78
pdx-col.eum-appdynamics.com	4816	2018-10-26T09:20:40Z	2023-03-25T20:17:30Z	1.6 kB	1.8 kB	54.70.91.176
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333 B	391 B	34.117.237.239
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782 B	2.4 kB	35.241.9.150
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	2.7 kB	7.1 kB	23.36.76.226
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606 B	127 B	52.26.112.186
c1.wfinterface.com	14481	2020-08-20T01:48:14Z	2023-03-25T10:35:09Z	3.7 kB	410 kB	23.36.79.32
rubicon.wellsfargo.com	11786	2019-12-17T21:15:25Z	2023-03-25T20:17:26Z	625 B	2.2 kB	95.101.10.104
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-26T05:10:41Z	4.5 kB	9.1 kB	142.250.74.163
ocsp.dcocsp.cn	33518	2018-11-07T14:15:36Z	2023-03-26T07:21:08Z	338 B	1.1 kB	47.246.44.228
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-26T06:13:32Z	930 B	1.3 kB	142.250.74.66
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	3.2 kB	50 kB	34.120.237.76
2549153.fls.doubleclick.net	30024	2015-01-13T00:13:33Z	2023-03-25T10:35:12Z	758 B	1.1 kB	142.250.74.38
wellsfargobankna.demdex.net	10546	2017-02-13T10:09:43Z	2023-03-25T10:35:14Z	562 B	1.2 kB	52.16.86.44
dpm.demdex.net	204	2012-05-22T07:45:05Z	2023-03-26T05:09:33Z	1.4 kB	2.3 kB	34.241.198.189
api.rlcdn.com	791	2018-09-26T07:12:06Z	2023-03-26T05:10:48Z	465 B	192 B	34.120.133.55
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-26T06:32:39Z	664 B	625 B	209.85.233.157
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-26T05:13:44Z	723 B	724 B	172.217.21.162
connect.secure.wellsfargo.com	11812	2017-01-31T16:32:35Z	2023-03-25T21:25:38Z	4.3 kB	403 kB	95.101.10.136
static.wellsfargo.com	12306	2015-03-14T23:03:25Z	2023-03-25T20:17:24Z	2.2 kB	72 kB	23.36.79.26

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-03-20	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/_bm/get_params?type=get-akid	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/as/target/offers/conversations	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2023-03-21	medium	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (35)

	URL	Size	First Seen	Last Seen
	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	695 B	2023-03-07	2023-03-26
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-03-26 13:09:33 Times Seen18 Hash 899837b2f1e8a81797ae37ad361488d3 0f4abcaeceb40790ea9341b6f43328a983e8428f ab4f57987919925eaadb2fa2eb5e82798300b1b7aaab2066b875f8cded107873 Loading...

	c1.wfinterface.com/tracking/hp/utag.js	206 kB	2023-03-13	2023-04-13
Pretty URL c1.wfinterface.com/tracking/hp/utag.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 22:58:08 Last Seen2023-04-13 08:50:50 Times Seen239 Hash 17c10ca4f69f1ef398adc34b9e405439 489e45ba2943a69d0d91e26f69b4819bd78ab29a e0add97babd5a52fadf442a70636ee80aa36bdd002b72999c4dfa337ed221c4c Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	45 kB	2023-03-25	2023-09-10
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:10:42 Last Seen2023-09-10 23:50:30 Times Seen4720 Hash 308e427d5e59a148900bf524ecd5829a 73baa209d84f2d15c88606b28280d2121efd878c c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	408 B	2023-03-14	2023-05-03
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:19:06 Last Seen2023-05-03 16:01:13 Times Seen52 Hash 60b6389c853bda6e687562244dd75f10 8e8aa5a7426e1e0aa09fcf771c216b2fa33408d3 023f7655b3b96900472fe656ec517e96f3f70c38764fe6bc1385924ed2313507 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	64 B	2023-03-07	2024-04-08
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-04-08 03:26:08 Times Seen57 Hash 2a7270f6787f0239e01ea8dab902b4da 19e78f37d5519902983822ca8bc8d89e2ad334bf a9e82d70d13300dfc269e01d630de6a93d94dbdf3637c7e29cfa6594737e0797 Loading...

	c1.wfinterface.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-03-28
Pretty URL c1.wfinterface.com/tracking/ga/ec.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:50 Times Seen4661 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBYY2Q0NW1ibFIzRmdnQUt3RW5yTStWSGJaQjQ5TGtqZ3FrWHJtNHp2SVlLREVIVllxTGFNaDlIRUg0UTg3N2RuWXlIUTdqaHplU0hYY2Rnek5uUGhkZFBMZEFnUmtkZUQwYWlSZDdXMjJiYlJDN1VkbnBCL3FpaEhXQUduYmlwRzYzQ1E1SlMzcGlXc2J3U2hiM3hHN0tCSzdwdUVReER0R2Z0QTZRdXJZZ3BrSFN6cXBLOGtweDAzUkE0L2dkUUpUczgvajFhMGY5ZzZUZHJhTEVmQWlrSlV4ZkZjSlZxOUZBYjlUd2F4blJvWHozM1dnTTJ1V2VleU8wQVY1UUQ3aWMrOWJmeU15M1Qwb0ZEbjhoSWZHVkU2RkZUN0lTd2lsTTlBZGRsNFVCZDU3MzdYeEZSbGVnPT18N2FjMjk0YTNiZjA4YTUxOTVhZjI2ZWI5YTRiZTcxNmJlY2YzNTdhYjcxMTVlM2E3NGNlMzQwOGNhMzYwMzg0YmYwMTdhZTIyYTJkNmEwMGE1Yjg5MTI5YjkyMWE4NWJiNTM5MTZkYWYzMDBmZjMxODAwNDU5Njc0N2QxZWNkMTU5NDU4Nzk1Y2QxMjNhYzk5ZDA4MDJlYjYzMTZmZDFmNGUzZGQ3MDhlNzhhNTI0YjU3ODUzNzMyMzYyOThhMDRlNmU2MzI5MzQ3MGU0NjhmMWU0MDRlY2ZkOTdlZjdlYzk3MjQ0MDE0ZWQ4ZDMzYmE5YjFhMTcxMWY5YzU4NjU2MjkyNmJiNWRmNTRiOWExYjBlYTExODlkNjJiZjJjM2M1NDFjZGY4OWNiZjFiNGUxMDhkYjUyMTg0NTJlYTM0MDI3NDY2NWY2ZTgzYWNjMmY2NTUxMGJjMGExNDU2ZGIxYmFjNTBhZTY0YTBmN2ZiY2JhZDQ0MWQ4NzU2MmM1M2QxYzA0MWE3MmM4NjdiNmE1N2MxOThkN2E1Y2YwOTU2ZjUzNWUyNDQ1MmY3Y2IzMDg2N2E3ZDc1MDdkOGQxYmY4YmE5ZDM0M2MwNzk2ODU2NjU4NDI2ZTg3NDViYTA4ODVhNzg2MmQyYmRkNDc5NTY4M2FhZjkzOWQwZjJkMzBmYTB8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com&t=jsonp&c=zugafvnxunzkvrw_&eu=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F	90 B	2023-03-26	2023-03-26
Pretty URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBYY2Q0NW1ibFIzRmdnQUt3RW5yTStWSGJaQjQ5TGtqZ3FrWHJtNHp2SVlLREVIVllxTGFNaDlIRUg0UTg3N2RuWXlIUTdqaHplU0hYY2Rnek5uUGhkZFBMZEFnUmtkZUQwYWlSZDdXMjJiYlJDN1VkbnBCL3FpaEhXQUduYmlwRzYzQ1E1SlMzcGlXc2J3U2hiM3hHN0tCSzdwdUVReER0R2Z0QTZRdXJZZ3BrSFN6cXBLOGtweDAzUkE0L2dkUUpUczgvajFhMGY5ZzZUZHJhTEVmQWlrSlV4ZkZjSlZxOUZBYjlUd2F4blJvWHozM1dnTTJ1V2VleU8wQVY1UUQ3aWMrOWJmeU15M1Qwb0ZEbjhoSWZHVkU2RkZUN0lTd2lsTTlBZGRsNFVCZDU3MzdYeEZSbGVnPT18N2FjMjk0YTNiZjA4YTUxOTVhZjI2ZWI5YTRiZTcxNmJlY2YzNTdhYjcxMTVlM2E3NGNlMzQwOGNhMzYwMzg0YmYwMTdhZTIyYTJkNmEwMGE1Yjg5MTI5YjkyMWE4NWJiNTM5MTZkYWYzMDBmZjMxODAwNDU5Njc0N2QxZWNkMTU5NDU4Nzk1Y2QxMjNhYzk5ZDA4MDJlYjYzMTZmZDFmNGUzZGQ3MDhlNzhhNTI0YjU3ODUzNzMyMzYyOThhMDRlNmU2MzI5MzQ3MGU0NjhmMWU0MDRlY2ZkOTdlZjdlYzk3MjQ0MDE0ZWQ4ZDMzYmE5YjFhMTcxMWY5YzU4NjU2MjkyNmJiNWRmNTRiOWExYjBlYTExODlkNjJiZjJjM2M1NDFjZGY4OWNiZjFiNGUxMDhkYjUyMTg0NTJlYTM0MDI3NDY2NWY2ZTgzYWNjMmY2NTUxMGJjMGExNDU2ZGIxYmFjNTBhZTY0YTBmN2ZiY2JhZDQ0MWQ4NzU2MmM1M2QxYzA0MWE3MmM4NjdiNmE1N2MxOThkN2E1Y2YwOTU2ZjUzNWUyNDQ1MmY3Y2IzMDg2N2E3ZDc1MDdkOGQxYmY4YmE5ZDM0M2MwNzk2ODU2NjU4NDI2ZTg3NDViYTA4ODVhNzg2MmQyYmRkNDc5NTY4M2FhZjkzOWQwZjJkMzBmYTB8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com&t=jsonp&c=zugafvnxunzkvrw_&eu=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:56:16 Last Seen2023-03-26 12:56:16 Times Seen1 Hash 64e9b8c4f7955f84ae71f96ae6efe6f8 1c88fc1d8b69d212c3a81e10930657c971194e46 78b518819fba1c687cef32101c8f501f7bd9a0a957a5a43088c3a26c00b1c29d Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	382 B	2023-03-26	2023-03-26
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:56:16 Last Seen2023-03-26 12:56:16 Times Seen1 Hash a964a2eabdd64abfcdbc3a0022ebb129 510b5303259fae4c9313fdd44c0a2afac4dbcdee a1b5d4694f9d5667f1809c89c2280ae3baf3f12e244ac14e5b2bc4d0cfebd3b0 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	49 B	2023-03-07	2023-03-29
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-03-29 21:35:42 Times Seen10 Hash 9dc010e7b56b2574c973fb4ad46b4666 ff941ff2ebba382c97eb9c6241ded33e76b3f8c3 606e34582ec278a9d1f5cff8c942e8e97ecbd117817fbdaa755f8a910dbbd0d8 Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	269 kB	2023-03-26	2023-03-26
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:56:16 Last Seen2023-03-26 12:56:16 Times Seen1 Hash c09c00d5399cde03a89f9f48e77fc085 4740635cf0afc855e4fdedd19965b5ee52e7ed2b 09fde43c3d279576b2650b1ea8fe484b63eb6df9ad1e2e3bd71bfd2a9da32d83 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-03-26	2023-03-26
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:56:16 Last Seen2023-03-26 12:56:16 Times Seen1 Hash f873728664eeebf37c2f3afd5bdbd7ed 39099c8a870c6ba24bd9dc1e9395e600261afbcf 466863e518952ebf885f711d32ebd7fd0cd902c6ccdd7052585067d69982752e Loading...

	c1.wfinterface.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-04-08
Pretty URL c1.wfinterface.com/tracking/ga/ga.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4882 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	70 kB	2023-03-26	2023-03-26
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:56:16 Last Seen2023-03-26 12:56:16 Times Seen1 Hash 68297a029cd3ceac9b06e6d9529a2057 d7736776bea9705d9b67e7537bc38f26a7800d47 37febbaa0a4d74c81ebd745ec9ed08981b4d121c939efb50731929776df0a287 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 21:30:17 Times Seen36967517 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAB9nAOHAQAAB9TKwf_S-ORyDhC01SQKbTXglwky89CtsxwDqqoqRKJXrSLi&X-G2Q3kxs3--z=q	263 kB	2023-03-26	2023-03-26
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAB9nAOHAQAAB9TKwf_S-ORyDhC01SQKbTXglwky89CtsxwDqqoqRKJXrSLi&X-G2Q3kxs3--z=q IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:55:55 Last Seen2023-03-26 12:56:28 Times Seen7 Hash 91e9385b9ba9257cdc994df516f0d0e6 c27b0738e97fa7d753a9b680f877fb418650f015 79a3d02e0f85e99832ca4d7d8cd0f7c9ea9974661e2abc238e7faae385ab88f5 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8	198 kB	2023-03-26	2023-06-19
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8 IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 11:55:29 Last Seen2023-06-19 11:14:13 Times Seen514 Hash adc63c07490b3947ba80cc9e211bdb9a 1948fcbb8ef3360fa442356188a74cd001b93128 f83f52a3ef01a4360a0e01885cd652ba71d4fd946ffa69f745cc1afcfe428d60 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	66 B	2023-03-08	2024-04-08
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2024-04-08 03:26:08 Times Seen35 Hash b679714ddcbf292ed8e3d66e056cfbb4 2b741ae2946b86af705a271c5e7231aa3630035b b970e0f8d8f44672e2998d0a366ebb0eee18ac1048a16db57906df6635377762 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	125 B	2023-03-08	2023-03-26
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-03-26 13:02:55 Times Seen9 Hash 668ad28e78f3c05f20604f4d567e10fd 8b5c217dc88f278a8f74f4b4a33b2426179798e5 2b324682fd8e2393e454b49853d695195f58ab1f35e61ecd69063699d47896b9 Loading...

	c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-08	2023-09-21
Pretty URL c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:36:56 Last Seen2023-09-21 03:50:16 Times Seen11701 Hash 91c536ff4d2c8db1822702f866e60b08 3370d3721e28923f099da1985f718a88015975aa d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a Loading...

	connect.secure.wellsfargo.com/jenny/nd	54 kB	2023-03-26	2023-03-26
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:55:55 Last Seen2023-03-26 12:58:21 Times Seen17 Hash 130e21bb308cf4be4a35b14585a09d11 d1ba20d17e71e286ac4ed5d1a7c7d3894d5f9f47 75e0abf780d1e1abc5d65c0853201d05b16aa6464ae2d45535623445753a9c3a Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js	63 kB	2023-03-26	2023-06-29
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:37:27 Last Seen2023-06-29 15:24:08 Times Seen77 Hash 8eabc472d8024408a547bde6e5a7e651 20081746413f0d1dbfdb081f519d1c58c313a876 c9050d5fbeb347076a2ca011d4c9723bc8a46dd0716479e0dfd12155f471fdd5 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js	178 kB	2023-03-26	2023-03-29
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:34:57 Last Seen2023-03-29 21:35:42 Times Seen4 Hash 982336f9e51dd78560c8941adbe550b7 8084697ccb9f4487ccb341c91a9a11d38f4395b1 62f7d4b3eb677e99d1e542ce8d59a4c7d17378ea0ad2fd3a3960f3bc9c578b2a Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	281 B	2023-03-07	2023-06-29
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:07:02 Last Seen2023-06-29 15:24:07 Times Seen11 Hash 81e631308ffaca8191e65e8877751a22 21bfc3f12b2f47a693e17856fb4fe1030f2672eb 10a64199e3bf2264d6ac247b5c55f8f6332eefc3e42db9a7c2a5004a5dc37b01 Loading...

	c1.wfinterface.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-04-08
Pretty URL c1.wfinterface.com/tracking/ga/ga_conversion_async.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4900 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.8247245493999903	90 kB	2023-03-26	2023-03-26
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.8247245493999903 IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 12:56:16 Last Seen2023-03-26 12:56:16 Times Seen1 Hash 03c49f547faaa366c9be5e86cd0c7f7a 70292f1d94d2de0fac4a34735511b23981b29812 ec7dac874be85c4ef6bbb85a0467b0a4f90c4dbfc1949be54168dc4cef48ece5 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	59 kB	2023-03-26	2023-04-13
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 00:32:56 Last Seen2023-04-13 08:50:50 Times Seen305 Hash 33ec52ff2ee8f8c67af046401cd73e22 f45728e593cde772d9b4c894ddaefb373c847b8b 983ee094a3e2d2587fa6367e8ffb02acdf53ca5d935e70090a91622365d97a83 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	64 B	2023-03-07	2023-03-29
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-03-29 21:35:42 Times Seen10 Hash e88d65752d67bb0e037e0ffa6f5a1aa4 b81fad1cfeaf6d8f814ce652e5005854568b8dcf 8372d98f256b905a0140ba0e9751f83959948a2e30ac17fa57909d3d0cfd87ed Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-04-19
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 95.101.10.136 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-19 19:43:46 Times Seen4753 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	167 B	2023-03-07	2023-03-29
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-03-29 21:35:42 Times Seen10 Hash 61a4caf53316d3210230c31c1883b3a3 2afb0e8b8d5f5501975e82f66d7ff35a9af4dad4 2715df517f54ac7a7e5d8ef102321aabfc88c1ee619cff4fcb5909a90aeb14cd Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	543 kB	2023-03-14	2023-05-23
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:50:26 Last Seen2023-05-23 04:08:34 Times Seen2177 Hash 2ebe1f343eef1598263831c72bee5d92 3a9a8ba970e54572bfbb11d12039a52157557e39 e2afa6367d38dde83b3c734b10a6235bf0124d908663db531efbcecaab12e61d Loading...

	www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/	295 B	2023-03-07	2023-03-26
Pretty URL www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/ IP 163.171.132.220 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-03-26 13:02:55 Times Seen9 Hash 8f551706a91b8a4740f176a6271a2a3e 768e0f59a50d81e388651e0efcd26659c7424231 655f7384728ebc88dcc672fe093d5fab1ed28f9ca1b5a6004ea9c74edbf5a912 Loading...

	c1.wfinterface.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL c1.wfinterface.com/tracking/gb/detector-dom.min.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

HTTP Transactions (139)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16011
Expires: Tue, 21 Mar 2023 14:48:21 GMT
Date: Tue, 21 Mar 2023 10:21:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
00e304a3fc0c2f01af0e94fcefe0ca40
833969e75e5e13e823c8d97ee59a9821eb157ee3
c2b7f7ae4861f2dd16867de54c7e47d95582de77887f523841d9683a369d20a7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2B7F7AE4861F2DD16867DE54C7E47D95582DE77887F523841D9683A369D20A7"
Last-Modified: Sun, 19 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4005
Expires: Tue, 21 Mar 2023 11:28:15 GMT
Date: Tue, 21 Mar 2023 10:21:30 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 21 Mar 2023 09:27:24 GMT
content-type: application/json
age: 3246
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e6141892ec4705c6a0134f3157b969d
4169fdea42b0fa9cb565e14b8e8fdb293575c78e
905537ef3e3a4a9030391b44bd6ac6bb5d7c9ec752b1821d683dfbf483096163

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "905537EF3E3A4A9030391B44BD6AC6BB5D7C9EC752B1821D683DFBF483096163"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14124
Expires: Tue, 21 Mar 2023 14:16:54 GMT
Date: Tue, 21 Mar 2023 10:21:30 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 06CU65Sk0if9ZyF8qHyNwo9ZZ3u6iu3mOfPUKhml4bktammGi4HoCRZ003bWyrYyUa0imYmzQ8k=
x-amz-request-id: 7A84K6YV29SJNZQ0
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 21 Mar 2023 09:59:04 GMT
age: 1346
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 21 Mar 2023 10:21:31 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

47.246.44.228

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
47.246.44.228:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
d7a91ccbe12f8cda80180fdefd4b5db6
07e6f964b83f4f0ce5a0699d3e2f6e99bd35eae9
7673c5d7fa6fe0cd37167a6def6114969a605537771a1d90944909b438b45387

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Tue, 21 Mar 2023 10:07:40 GMT
Last-Modified: Mon, 20 Mar 2023 13:24:47 GMT
ETag: "64185e9f-1d7"
Expires: Wed, 22 Mar 2023 13:24:47 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1679393260
Via: cache21.l2de2[0,0,304-0,H], cache15.l2de2[1,0], cache3.se1[0,0,200-0,H], cache3.se1[1,0]
Age: 831
X-Cache: HIT TCP_MEM_HIT dirn:2:364095559
X-Swift-SaveTime: Tue, 21 Mar 2023 10:16:55 GMT
X-Swift-CacheTime: 3045
Timing-Allow-Origin: *
EagleId: 2ff62c9716793940912768085e

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 21 Mar 2023 10:17:22 GMT
age: 249
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/

163.171.132.220

200 OK

17 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1566), with CRLF line terminators
Size
17 kB (17137 bytes)
Hash
632e1fcd722fb98d2ae95a0f4d4f8ad3
e9dd32f7c2cdd79b3da23ed69b413e68db87ccc9
858533a941c4bae666b4acb47bb685fc4ce3c2be50b023da35cf896aa61a0a37

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /es/biz/ HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:31 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17137
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, no-store, max-age=0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b1e69092-b008-4b02-b83f-a63b00600da4' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 20629 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58; Expires=Tue, 21-Mar-2023 10:22:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 21-Mar-2023 10:22:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 21-Mar-2023 10:22:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:491115; Expires=Tue, 21-Mar-2023 10:22:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:491115|e:128; Expires=Tue, 21-Mar-2023 10:22:01 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=CA1373EFAD52A4FE77E654025A9B1341; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=ES; Domain=.wellsfargo.com; Expires=Wed, 20-Mar-2024 10:21:31 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230321032131551664133; domain=.wellsfargo.com; path=/; expires=18 Mar 2033 10:21:31 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; path=/; Httponly; Secure
WesdAksn=A4gxsAOHAQAATc1YcwYRSi-hawzcO6xhDUI-hirJXBXh0HR9vQbbA_kbcCOpAaOrhK2cuDv8wH8AAEB3AAAAAA|1|0|63ba4449344d87e588a75a7e9aa51f5bf969e0e4; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=JQWTwRomxGa2E48+9tKz1kf8bnnH8t0zxhGR2bcIOWc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:31 GMT;Httponly; Secure
_abck=E036B03D0D975F2F94A7341EEE67B250~-1~YAAQjtAXAq6WXOaGAQAAgjKwAwn3JUlbHF4U5bj2hEyRw2uZU22zKlhljmf/WdTSmYlYI/mS4Qo2QM57Hsv5WPeVFVBhnk4fFkRUFpVEo/7TeXSf3wpxkhdNjrhqw4zayPl0PA3pC1pk2gyQEAVcmXwLarGbeSpgMnDmLtEgP2zvOFUzNZKPS3jKx7NZlc+HyLq1m/tLFn+a6Db2QplKMo1YLGriF37La8gFv3CrTa6mgNOM1uyQh3LiV7Q123cfQxaDk+dIybRCFqROy3MXZQC1a5NPyzRDiv254wFtoQiJTZUKQmi7pQkUObK/nmr1JgIQ0YksxBJ4Y4thzJd21jZp7Hh2eSGJk//r78glFINeLu07zE8e6qiGtNqzMJMPHA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:31 GMT; Max-Age=31536000; Secure
bm_sz=1CCBBEA92A2F3C0D39311D6BDAB26C83~YAAQjtAXAq+WXOaGAQAAgjKwAxPhU3RbGdafnD4DE8EkmLpgMkYWzlwUxfBV3J6sgCBFH3CQi63uR2emU937JY12LiWpNzbbZYnZ/j2P5C0vBQUMVVByMctZSmzffrBqICUnVMUwncjtyc5IZKyYJ+eWNEEZWOeOlCOTRpUE4cQYnSNyrqDz1/42u466NoGWdlR2/Wptc2UfDw5Mbw3tdcEd/L4/s5mX10Z8ePpR+TLcYM+cGGQUfoPThRT7OpRg1ChAkdhytkmRMn+M8nFmNlXSayDKoPgVptIM9El7uQQwhcy7KD9a~3616825~3749954; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:31 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852b_kf175_30331-47780

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4c195a3fc0c2abb831630cef1dcfa770
eda338de3063640556177b9db364c33193d7f6dc
c22eb0537cd79666b82fe61dd77fe9b0b3c059a4c65d405412acfc2c6800b444

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C22EB0537CD79666B82FE61DD77FE9B0B3C059A4C65D405412ACFC2C6800B444"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9648
Expires: Tue, 21 Mar 2023 13:02:19 GMT
Date: Tue, 21 Mar 2023 10:21:31 GMT
Connection: keep-alive

www17.wellsfargomedia.com/assets/es/images/rwd/wf_logo_220x23.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/es/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1710 bytes)
Hash
c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac

HTTP Headers

GET /assets/es/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c392e6-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1858270
expires: Tue, 11 Apr 2023 22:32:41 GMT
date: Tue, 21 Mar 2023 10:21:31 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24624 bytes)
Hash
73d5e0b0076f087b0878d8d90308b115
6af270bc7003c54dcff68b2b283c43799bc85abc
490dbbb001e913bcb03b5b1099174db6ff6ff1fe8396f2ab44e63c29899f1168

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_gettyimages-691573493_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61fc441a-17f0e"
last-modified: Thu, 14 Jul 2022 02:03:05 GMT
server: Akamai Image Manager
content-length: 24624
content-type: image/webp
cache-control: private, no-transform, max-age=1893226
expires: Wed, 12 Apr 2023 08:15:17 GMT
date: Tue, 21 Mar 2023 10:21:31 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cfb2db5a4d398be6fa43bf001e8402b7
72e9defdc58dc2f38e2d290db3f93ade59d2bac8
58b63b8be73f9263ccc1fd11801d6cd1448d677fa7262f8bb2dbf2c5a977813f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4102
Cache-Control: max-age=163465
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:31 GMT
Etag: "641950ae-1d7"
Expires: Thu, 23 Mar 2023 07:45:56 GMT
Last-Modified: Tue, 21 Mar 2023 06:37:34 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cfb2db5a4d398be6fa43bf001e8402b7
72e9defdc58dc2f38e2d290db3f93ade59d2bac8
58b63b8be73f9263ccc1fd11801d6cd1448d677fa7262f8bb2dbf2c5a977813f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1608
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:31 GMT
Last-Modified: Tue, 21 Mar 2023 09:54:43 GMT
Server: ECAcc (ska/F7A3)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cfb2db5a4d398be6fa43bf001e8402b7
72e9defdc58dc2f38e2d290db3f93ade59d2bac8
58b63b8be73f9263ccc1fd11801d6cd1448d677fa7262f8bb2dbf2c5a977813f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5595
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:31 GMT
Last-Modified: Tue, 21 Mar 2023 08:48:16 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

23.36.79.26

200 OK

901 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Tue, 21 Mar 2023 10:21:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hqXSV20ECVL1dB5mj1znew%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.132.220

200 OK

19 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Size
19 kB (19118 bytes)
Hash
3f9cbf08987857328ddeecd5c0841c98
6529bc4031ffe8c23feef79dcead7d3790c52b02
b6b40f8adb3910e658c5f61de4b636c0dbefafc4ce761e3544a9b38fb41cc7aa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:31 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19118
Connection: keep-alive
Expires: Tue, 21 Mar 2023 00:53:58 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: "63f9460a-e71d"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852b_kf175_30312-64587

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

23.36.79.26

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (45298)
Size
16 kB (15731 bytes)
Hash
c5c30c6f4bfffa360cea9e4596911099
74fd08d2536e249015a63df76527663937211369
29279bc4b9c6fae6f797bec6ab1cbef61b08cfe23b27741175f546c1eaa8c9a5

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Tue, 21 Mar 2023 10:21:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=HW6Ndko78Ga0OCf4Fucc1w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js

23.36.79.26

200 OK

22 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-top.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (62498)
Size
22 kB (21883 bytes)
Hash
72f517ad4d628e341b6508d8803023fc
04eeec53953df7a797045396bc3ec0b729196786
51ea24364c63ce967dc48245c353d37ff158afcac947a33871367761d8e67366

HTTP Headers

GET /assets/js/wfui/container/wfui-container-top.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Mar 2023 21:10:13 GMT
Vary: Accept-Encoding
ETag: W/"6408f9b5-f472"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 21883
Date: Tue, 21 Mar 2023 10:21:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=d7cfI%2f9SQBThFZm0h4Z3HA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/css/publicsite-ui/ps-global.css

163.171.132.220

200 OK

26 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/css/publicsite-ui/ps-global.css
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (26355 bytes)
Hash
9bce7055a04948a06581491ab3d0b72c
287cdb7a09225ef1b77bf4f4a18cce13305e88aa
dc7d633a9165b360e3006a668276222a1ba7e5bf3b909a89d0b55d4aa4714252

HTTP Headers

GET /ui/css/publicsite-ui/ps-global.css HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:31 GMT
Content-Type: text/css
Content-Length: 26355
Connection: keep-alive
Expires: Tue, 21 Mar 2023 10:51:31 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:46 GMT
ETag: "63f94612-32d85"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VMdgflkfFRA2wp48:1 (Cdn Cache Server V2.0), 1.1 kf173:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852b_kf175_30366-50

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js

163.171.132.220

200 OK

54 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/ui/javascript/publicsite-ui/ps-global.js
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (65441)
Size
54 kB (53985 bytes)
Hash
fd5ce668a550a53a843ad5cbc7edaf9c
745d04f5bd98ef9c8f8ff8ac6c0f7b4866c8ccad
f36c57f9c9ee08729e100cd21555a97b783b746ec787bdfaf0e8580da9936f78

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ui/javascript/publicsite-ui/ps-global.js HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:31 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 53985
Connection: keep-alive
Expires: Tue, 21 Mar 2023 10:51:31 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:46 GMT
ETag: W/"63f94612-2b72f"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VMdgflkfFRA2wp48:6 (Cdn Cache Server V2.0), 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852b_kf175_30501-44637

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8

163.171.132.220

200 OK

77 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
data
Size
77 kB (77202 bytes)
Hash
a44bb3ac4e9d940fc74bcf584b11f61f
90da08f5955f70f0e4ec4b1b996a69f0ec6226e5
bf7f0fd0af3029a948628d15cd2494338a4e40678712677be6269e042104ffaf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:31 GMT
Content-Type: application/javascript
Content-Length: 77202
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f83f52a3ef01a4360a0e01885cd652ba71d4fd946ffa69f745cc1afcfe428d60
Last-Modified: Wed, 01 Mar 2023 16:38:10 GMT
ETag: "25d60855d8ebee1f1b5f138f7ed5003d81ad4b67f05e591c270a2ce360c66069"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jMfXGOcqbEANGRkALP8bTw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=1676AFA17584A4D87E2CA77C80D5BCB3~-1~YAAQlNAXAinBleKGAQAARDOwAwlxxWngyqlprc3Mi9aGKfquKUm/BRu/zrBEtx0F4YDsqD2l3Qkl5QEvwGur+scSYa1MPl4LdyKXVT8BL6i/PZxb39z+QKygKDVrbPFPpcoB1qlKfkNxzU0KQ48Taw+ZG2oeW+WB/f6HxFAIHUy/JOLEW0WeRPktDaJRSGlVtei2OhwQEl7HetBE9oT4SAn/i6ESjhorm5LX2onfIMdHkFVpRqJRQgJ5baTAj1xKHN+ystnfedUt2FMEMJnJ/fjXTw1fFRGqnF2xVRGwsh/uC7tucuwvhPX5my2eyLnErlDQC4rGk0V3WpZxWtqYEK7+AuRDKVNqogfLEKddYEjY5MfwYkAzt00YfYSftMZO6Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:31 GMT; Max-Age=31536000; Secure
bm_sz=9865B58DC302EA1E1029A9C0F6E20D81~YAAQlNAXAirBleKGAQAARDOwAxPsAWT6cbqvW+7Jm4P2AgRAEg3OnAK/zFZAugy8tsYrMnxcquK7G0/TWhBwwrhxNAzA6mxGQbmfl1SKBY4N60o+pRpNkDDsEg0GRNuxNoHXgKDEp2uiwfe8ViJ1hybVs4T33aUxIxC9gnP2AhkbdlDyJ9duQ6ETnzpMG/TdRYoh16+6PbBLw32Gqv475whBPWxd+yy7Yicjz8HrRdbTzcBpFpIOpsW1RwumnpqWEFEKvhYlr9eStMFjRVYtMz/F3oBdSf0gAXaHnOFdPsf4aiNWc148~3616825~3749954; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:31 GMT; Max-Age=14400
X-Via: 1.1 kf175:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852b_kf175_30730-28980

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.132.220

200 OK

4.3 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4284 bytes)
Hash
511cc9f3b29e455b3f830f3479d03799
d3678aa2e34ec286c95b2098a5e2db397c6e9a7e
ebe0b5bfac58ceff08f6471e7eb670c567fb3d9f32b264e0c91762e563bfb59f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:31 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4284
Connection: keep-alive
Content-Encoding: gzip
Expires: Tue, 21 Mar 2023 10:21:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A34zsAOHAQAAgpILhzI053Vn4Tihntk_FtUOJOwWuoe4rEPpqfmFGQVEpvXqAaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|770343a0fbbefa373ea999fc49205ce43937b42b; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=D0BXu%2fo+OXIHUYi5AWWO79+PldS5NocVhg9jeNjnM8A%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:31 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852b_kf175_30331-47785

push.services.mozilla.com/

52.26.112.186

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.26.112.186:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7DNtudaEXaHd9FxOGLFslQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UlJxM8n9qaGxFPlzmYh2vdtcUE0=

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12766581
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6307250
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

200 OK

23 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6307254
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6150427
expires: Wed, 31 May 2023 14:48:39 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6307239
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/_bm/get_params?type=get-akid

163.171.132.220

200 OK

42 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
42 B (42 bytes)
Hash
e72230d561e9677bdfc4d8d927eb516e
46a65ad05d5b8112d95f1c2f63cd7ae061499213
7e2f4943c7801f46f87092339fc264628813ba6cc6513c79afd879ff9d8535b9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_bm/get_params?type=get-akid HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: application/json
Content-Length: 42
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7JtGVg9bQt3aTrN0cuPS1A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=DFAB5C425BD2200E1237B5E819ED5C3B~-1~YAAQlNAXAj7BleKGAQAAkjSwAwlPNcaJ8M1JOmyl+Ua4hY7IAZCuubShTteFo0nbTDUZU7RTFCl7c3aUfsiNV8jR31jBVmfm4MEJinKxqRI3mVj+sSbIO2CqNQXzgwm5+zOnZfgb1oWvQ2ZNSFBkACNN9VRwEQ5yoPNtJw4KExQ3j3uMdDhIkklL42BV0h57AlpapW/wvUx5z1ayj/xfZSatI1qk33i2hmt+AGxCQKZDaSzDlSZmZDmcQagOMoNhhXug+cC1+mTLV/w89e0DMXaHdePfwBRLXLUh1dS9L8FWJkAej3evkTtVTIkGFlHZpw2vB8w3j4Yb+Km1zIhQ0g7+RQJEP4PYfPY56ZlYEo7Sm3HCoqaeE1o+E5UY9T+CQw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:32 GMT; Max-Age=31536000; Secure
bm_sz=4A045443DBBC4DE70BCBB307019FEB7F~YAAQlNAXAj/BleKGAQAAkjSwAxOCF7Cj4xGxAn7Iyyu/REbldInx9//oTttE+QlhI5b9HH5iS6B80bkjlremQOOEwLgCJziwjcjoYU6xGOkKqHBo61y/XBKCXzG2jsRWnWnaiQolo9X8tDI/7Yda+Ut/0RXPYsLPoLYbzuCQgJm0gqbhuelnUGCElG1hWAGyGHAQqBm45hbtXkEqV1ThAETst/Aejo3y/H8ppVz6zxXfUpOEKb6qRaam36yVLQIvRerCqxqJ9uJwC6ivZqRXEVPFS6PEtF43uoYpXchMf58N0i4VAapf~3224630~3224884; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:32 GMT; Max-Age=14400
X-Via: 1.1 kf182:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30331-47792

c1.wfinterface.com/tracking/hp/utag.js

23.36.79.32

200 OK

55 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/hp/utag.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (14989)
Size
55 kB (54869 bytes)
Hash
325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Tue, 21 Mar 2023 10:21:32 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=X8mA0eVIVJo9f2HFFBeuUA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&cb=1679394091499&event=PageLoad&pid=tcm:703-225258-64&ptid=tcm:703-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fes%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|703-6793-16~91-223645-32|283-192509-16~91-223645-32|283-148263-16~91-223645-32|283-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|283-226516-16~91-223647-32|283-244189-16~91-236597-32|283-226480-16~91-226306-32|283-224785-16~91-223660-32|283-235016-16~91-223671-32|283-238621-16~91-228642-32|283-226262-16~91-223669-32|283-225008-16~91-223650-32|283-247102-16~91-244420-32|283-225025-16~91-223650-32|283-225026-16~91-223650-32|283-225027-16~91-223673-32|283-226514-16~91-223668-32|283-226635-16~91-223675-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&cb=1679394091499&event=PageLoad&pid=tcm:703-225258-64&ptid=tcm:703-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fes%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|703-6793-16~91-223645-32|283-192509-16~91-223645-32|283-148263-16~91-223645-32|283-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|283-226516-16~91-223647-32|283-244189-16~91-236597-32|283-226480-16~91-226306-32|283-224785-16~91-223660-32|283-235016-16~91-223671-32|283-238621-16~91-228642-32|283-226262-16~91-223669-32|283-225008-16~91-223650-32|283-247102-16~91-244420-32|283-225025-16~91-223650-32|283-225026-16~91-223650-32|283-225027-16~91-223673-32|283-226514-16~91-223668-32|283-226635-16~91-223675-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&cb=1679394091499&event=PageLoad&pid=tcm:703-225258-64&ptid=tcm:703-223694-128&pageUrl=https%3A%2F%2Fwww.wellsfargo.com%2Fes%2Fbiz%2F&clist=702-228795-16~91-2829-32|84-224686-16~91-2049-32|703-6793-16~91-223645-32|283-192509-16~91-223645-32|283-148263-16~91-223645-32|283-38072-16~91-223645-32|84-226264-16~91-223649-32|84-233306-16~91-223645-32|84-226382-16~91-223645-32|283-226516-16~91-223647-32|283-244189-16~91-236597-32|283-226480-16~91-226306-32|283-224785-16~91-223660-32|283-235016-16~91-223671-32|283-238621-16~91-228642-32|283-226262-16~91-223669-32|283-225008-16~91-223650-32|283-247102-16~91-244420-32|283-225025-16~91-223650-32|283-225026-16~91-223650-32|283-225027-16~91-223673-32|283-226514-16~91-223668-32|283-226635-16~91-223675-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:32 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4BX5IBYQrP+%2fW0r4wbzBKhuTBpIWJhe1LFY7Og+vg9gF+TmmQOjZuE99xtqquV5M; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30730-28983

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8

163.171.132.220

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing

HTTP Headers

POST /Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2686
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=rqvlpNe1TwFiiscIqFDpVA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=rqvlpNe1TwFiiscIqFDpVA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=A07EC67019BF909461BDA1A27E880179~-1~YAAQlNAXAkfBleKGAQAAyzSwAwmOoCRWQFdJHk4w22PcuLJO6YRxKugosMwfHhMkzJCFvj15A1IWKaoHWOlfKIA4KH7yuyitiFStwtfyrkhWmOsEX6e4tKmUC+kNzE8tbnECAlR6lwxZFgbu81vjAr68Auci9p5I3NgvY8oCLLM2IjKJGfC6uh540R4ZUhpUB9tcUXHDBBHi8Jiv1g9nhdaaHinHN55Bo+kDXUpdPaWUlbfjNkTckOklr3DMblhWYD1XY5fqRRqJjFquBkNI4HxApEEaLIYmbVHGp/oQBugMaRE0Jp69oZ9AIca6XT+YXb/uZnE34MNTNtAvqsYi9V9v9WMh8VIPXdF0i7b3Z1Z6ff+p4JrOk48W+4kggopyXw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:32 GMT; Max-Age=31536000; Secure
bm_sz=FFC0622F8DA9399209D5AE9BDB24F37C~YAAQlNAXAkjBleKGAQAAyzSwAxPbrBzu9nuLwoH13iEx5EiEXUy97Kj9//13AiDCqx5fmQtLI9tsb9kfj1z10bsszrJgihwzELSH9o7Y2xBOUT+yrG3ME/fjFs9/ULhGkYwcb+crrXKvXHonbYD/NRGYsuAwWMvODpZItX5LZy0SErTdZ+U/qxxA9S3nryUKyCpinm0BOODJR9RKRxVqfbNgwW2poMBjKGI2Q7ywar81TVNK6Hk6QFvSeyt99kK5ZNhAFf9LkVloCraHouXzvscC9mwHDPxBHN8wcPXMqOBKcYYQ2CFC~3224630~3224884; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:32 GMT; Max-Age=14400
X-Via: 1.1 kf175:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30331-47794

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/as/target/offers/conversations

163.171.132.220

200 OK

660 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/as/target/offers/conversations
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (1269), with no line terminators
Size
660 B (660 bytes)
Hash
eddd800fe706806e131e873e36b03e26
1d50686f551bb6e445e6173664b5a657de2de661
279560f7692cd7497812036cba2a7fb454111f3d6a92a4851bedefc3f0be6740

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /as/target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 103
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 660
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-0ba9aa52-c918-4a0c-a2bf-f87ea76ae7ee' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:491115|e:128; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae; Expires=Tue, 21-Mar-2023 10:22:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 21-Mar-2023 10:22:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 21-Mar-2023 10:22:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917; Expires=Tue, 21-Mar-2023 10:22:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917|e:31; Expires=Tue, 21-Mar-2023 10:22:02 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=FA344A988AA1614FA47075B9E914971A; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Wed, 20-Mar-2024 10:21:32 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230321032132992104232; domain=.wellsfargo.com; path=/; expires=18 Mar 2033 10:21:32 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=kuUU8Idfbs6IYAodqS9rBRdM9DGVr4OShcO4S01ROfI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:32 GMT;Httponly; Secure
_abck=97C08D343CCF397B6B73E80F0C97CF68~-1~YAAQjtAXAtWWXOaGAQAA5jSwAwlmTKJh8FYk40F4aKV05r2nUYvJ80fhVeZkboCMUP5X0z6pBydtLpzGsqwdJwxOPeRPysPQVPVlm/zlY2Ep7aWXepVZ7CUCU0DzC0b0V43MsKNgfKtoO/qFCV1evt8BZmcOG+8wN7zsmAnKyLdDTLBBJOC42FBZB11EvEpHVxw+oYhtKpcon0jd7OLAFY5gnp9NzY21qTN7hBKcZiJiPhNgdHOwmeoHkFsI5Z8SzX395WfVl3wRuNPY308fxM3bRRazfwP/oboX9Y6fkC7BpzzcSHj+s0X9HxM3QQ4U8u24/+tbd2k3Rik3MvzhzBZl873hLutYs+DYrVtzfb/3ldDwyfee+22Q0VMVyGSM0Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:32 GMT; Max-Age=31536000; Secure
bm_sz=719A0BBA5BE6CC523C708E08A26E9673~YAAQjtAXAtaWXOaGAQAA5jSwAxP19PujcQvA3OqjhLIrhc5yM0PbzXWuS8BkFNclqlwN8W5xTs6XH09rFPVxqLtNhDYeTOMeoadrEZCd/Ue9lZ1oUxJI4hIjAUls8MTGg1N0x3CECb0A/HbGjA8TvjLa69KETFJQkfKIfelLh0hdKd8qLJrjwNlYgs2knLFOfFjM8b+xLZwQ4KH0EAaddMrfx1HbMQFM+lXuF2vhSIva1c8NiTF3aYx4H3s9Lx+tC1K17VC5cL0b0oiHMD7PlQFTa0CDbjQSVMH3uHVK3A2r0ORmQLGY~3224630~3224884; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:32 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf182:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30312-64594

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAB9nAOHAQAAB9TKwf_S-ORyDhC01SQKbTXglwky89CtsxwDqqoqRKJXrSLi&X-G2Q3kxs3--z=q

163.171.132.220

200 OK

149 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AAB9nAOHAQAAB9TKwf_S-ORyDhC01SQKbTXglwky89CtsxwDqqoqRKJXrSLi&X-G2Q3kxs3--z=q
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (148875 bytes)
Hash
ee4a4e5a359d8501052bff14ed3d6922
88b0721b7a8a089065714174037d24cfc8234b00
deda10425a4ef4ed5978acaed81e4e7204603dc95007dfe3123f2d79ee05fea4

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AAB9nAOHAQAAB9TKwf_S-ORyDhC01SQKbTXglwky89CtsxwDqqoqRKJXrSLi&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Tue, 21 Mar 2023 10:21:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A0E0sAOHAQAAR_c1c6XRt5whj0RyaYOMs8ijsg44Dje9RhhF9mdYkFbYSY-hAaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|2b10dfc3a8e043b0d82dffceeb552ea587479f45; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=hQ3s58+uK9QrrbaFhMtDQgtcEv11uBsnrZc1v6g4bdBm8zgRy7wSKpMPnM7bXbrk; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30501-44639

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

200 OK

9.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=26829
expires: Tue, 21 Mar 2023 17:48:41 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.0 kB (1012 bytes)
Hash
4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1803532
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.132.220

200 OK

308 kB

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65357)
Size
308 kB (308145 bytes)
Hash
09692edc541783c3d9e1fffdd645c70e
a0dc9751050cc567a7f7f7732116e16a1117989f
1fded794298268e8997cff93efa597bb60d71528d3e8ca4af840a7dd38a64e11

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: ADRUM_BTa=R:0|g:07e78727-9c8d-4159-81a9-c23877e25b58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:491115|e:128; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Tue, 21 Mar 2023 10:21:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=Qu3rkykt4VYM046OnUAAZ1okEFP2ZXjog6gJnH4yC%2ffY+VXEYGGZuIpXFx0c7nNm; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:32 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30366-51

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.0 kB (1041 bytes)
Hash
687712193c942b67bb57377576a56d0f
86148c04aba6a18960ab985d7a90e11c17dc3b36
59bd7dd508d7560483b79bfd3db688a487c70620d5d8994d646695c837cbf6a7

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_checking_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c48-957"
last-modified: Mon, 13 Feb 2023 08:26:35 GMT
server: Akamai Image Manager
content-length: 1041
content-type: image/avif
cache-control: private, no-transform, max-age=1807734
expires: Tue, 11 Apr 2023 08:30:26 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/cyber_1700x700.jpg

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/cyber_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (21760 bytes)
Hash
cadf7def5368f8ab7907884394fe8f97
3bb30552e9ea05489085603c20f8bf41c0dfc6b5
4d875bd85c1eec04e7ce696786fb41228cb81be3dcec951f8870b59662fc0ef5

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/cyber_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "633de465-15094"
last-modified: Thu, 06 Oct 2022 14:36:47 GMT
server: Akamai Image Manager
content-length: 21760
content-type: image/webp
cache-control: private, no-transform, max-age=2164029
expires: Sat, 15 Apr 2023 11:28:41 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2330 bytes)
Hash
cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1803553
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2340 bytes)
Hash
2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1720566
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.110.27.78

200 OK

2.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2092 bytes)
Hash
bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1804139
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-4-bg-gradient.png

104.110.27.78

200 OK

2.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-4-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.6 kB (2594 bytes)
Hash
1626a2f9535a10e8d076cab3de0df78f
4c2c4d82a3d4b49457a8a17a345c07c9617202fd
3fbf3b0d590832220370ac5dd608fa737315363f163967c6671d228bd3161084

HTTP Headers

GET /assets/images/homepage/position-4-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-ea13"
last-modified: Thu, 14 Jul 2022 02:02:46 GMT
server: Akamai Image Manager
x-serial: 1250
x-check-cacheable: YES
content-length: 2594
content-type: image/webp
cache-control: private, no-transform, max-age=1903295
expires: Wed, 12 Apr 2023 11:03:07 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png

104.110.27.78

200 OK

1.4 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.4 kB (1436 bytes)
Hash
0880265bd118920fd1ca18eabb29c528
49602ee1485b1f4055635d42c568546e13aa8c90
37dd0a3404af3c62777281c147d144378dd6809620e531e58a17423abc057c38

HTTP Headers

GET /assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-platinum_79x49.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6335f9d5-1a8f"
last-modified: Mon, 03 Oct 2022 02:02:07 GMT
server: Akamai Image Manager
x-serial: 1888
x-check-cacheable: YES
content-length: 1436
content-type: image/webp
cache-control: private, no-transform, max-age=1573474
expires: Sat, 08 Apr 2023 15:26:06 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png

104.110.27.78

200 OK

1.4 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.4 kB (1350 bytes)
Hash
cc3d77556283919af04e0641e3e37250
1e96a649e7cb434597082cc204b050127e36e8f8
21c8d2fc781f13fb45ae4208b353c983d49d41c3505e94e29b5c1d5c31e19c68

HTTP Headers

GET /assets/images/rwd/photography/product/small-business/card/fatnav/cc-business-elite_79x49.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6335f9d8-1bfd"
last-modified: Sun, 18 Dec 2022 17:40:21 GMT
server: Akamai Image Manager
x-serial: 1005
x-check-cacheable: YES
content-length: 1350
content-type: image/webp
cache-control: private, no-transform, max-age=1552901
expires: Sat, 08 Apr 2023 09:43:13 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png

104.110.27.78

200 OK

2.5 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2520 bytes)
Hash
01695377e69f7063e1550746495c81f5
609ec8ee8dd28f128f0477b6147817750c9b341e
5c9d48467771247548445209a10047ced732d2da276c072f4c6c5a483405c944

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn-marketing-belt-cash-hand_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c275a2-103b"
last-modified: Thu, 14 Jul 2022 02:03:01 GMT
server: Akamai Image Manager
content-length: 2520
content-type: image/webp
cache-control: private, no-transform, max-age=1957762
expires: Thu, 13 Apr 2023 02:10:54 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png

104.110.27.78

200 OK

1.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.2 kB (1180 bytes)
Hash
ec1901a970b1a0bf53f4361e73192bc4
9d33d520684c05c664704817b742627079407596
218645e7ef67b0cfa48151695051ac42fec1edfd3493aa91ba477cb2d09ef691

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn_marekting_belt_credit_card_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c48-9d0"
last-modified: Tue, 14 Feb 2023 16:34:52 GMT
server: Akamai Image Manager
x-serial: 1366
x-check-cacheable: YES
content-length: 1180
content-type: image/avif
cache-control: private, no-transform, max-age=1893246
expires: Wed, 12 Apr 2023 08:15:38 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png

104.110.27.78

200 OK

1.9 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.9 kB (1930 bytes)
Hash
2fd7f8c24576c73072097bf2e6259185
0fbda4c7e3b800aec15fea0539ad703ae61d6046
144529be2df1a6a4bbcbd82b300cd99b256fea8a768d3488f8080f4c0a908260

HTTP Headers

GET /assets/images/rwd/icons/marketing_belt_icons/icn_marketing_belt_touchless_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c275a2-bde"
last-modified: Thu, 14 Jul 2022 02:03:01 GMT
server: Akamai Image Manager
content-length: 1930
content-type: image/webp
cache-control: private, no-transform, max-age=1522774
expires: Sat, 08 Apr 2023 01:21:06 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg

104.110.27.78

200 OK

35 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (34606 bytes)
Hash
539b8a50b31186a56fc5f1ab1297ea78
575c94d22bac962bf0417f00c9539f28ad6296f0
bdb5cb84e084b4f210b9d4d961ed3c47d650e48d5010d6eeeba0a06338ca5988

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/matchmaker_woman_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c4837f-1857e"
last-modified: Thu, 14 Jul 2022 02:03:06 GMT
server: Akamai Image Manager
x-serial: 322
x-check-cacheable: YES
content-length: 34606
content-type: image/webp
cache-control: private, no-transform, max-age=1893281
expires: Wed, 12 Apr 2023 08:16:13 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg

104.110.27.78

200 OK

33 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
33 kB (33186 bytes)
Hash
65a51929096fa18d4bb06f2a29891a75
d34df0eb676d584af89dfc2b6e022b4910b90cc0
d67a289220cf94e6d81eefe14a1a911aeeff5010229d78c409fe55761f2d8108

HTTP Headers

GET /assets/images/rwd/photography/616x353/man_tablet_flower_shop_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189aa-d24b"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 33186
content-type: image/webp
cache-control: private, no-transform, max-age=1825909
expires: Tue, 11 Apr 2023 13:33:21 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg

104.110.27.78

200 OK

55 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
55 kB (54586 bytes)
Hash
a974c3d7e7eec33c0b3a6a51bc5dda5b
e3c5e2e739d51f334183573016c9e00de421bed5
ca43102cb524defb85fcf58b1236f271a8c02303e3e4e1df6351273867576cce

HTTP Headers

GET /assets/images/rwd/photography/616x353/2_woman_cafe_folder_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189aa-11d15"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 54586
content-type: image/webp
cache-control: private, no-transform, max-age=1877910
expires: Wed, 12 Apr 2023 04:00:02 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg

104.110.27.78

200 OK

26 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25792 bytes)
Hash
e004488f9fb67721f39390f524ad5c78
24a7cf417462d429cc72dc5ea55873c4cdeef796
1b422aeb872e1f5c9a0c4ea9db41f1022d6c38a83d7e5e806d1ca6741ab3be6a

HTTP Headers

GET /assets/images/rwd/photography/616x353/food_truck_card_insert_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a9-b2b6"
last-modified: Thu, 14 Jul 2022 02:02:38 GMT
server: Akamai Image Manager
content-length: 25792
content-type: image/webp
cache-control: private, no-transform, max-age=1854884
expires: Tue, 11 Apr 2023 21:36:16 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Navtive_App_Phone_Personal.png

104.110.27.78

200 OK

9.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Navtive_App_Phone_Personal.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
9.3 kB (9310 bytes)
Hash
410e804d3d953d170d9becc3937c87bd
6ecdc6f3be242d26d1d8994f5897178606b42e51
19dc1d60456ad2d1ea9bac9a8133b71796d0eb8e233b4ac97231f89e924a7c97

HTTP Headers

GET /assets/images/rwd/Navtive_App_Phone_Personal.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580b-41c5b"
last-modified: Sun, 12 Mar 2023 16:31:14 GMT
server: Akamai Image Manager
x-serial: 1234
x-check-cacheable: YES
content-length: 9310
content-type: image/avif
cache-control: private, no-transform, max-age=1836585
expires: Tue, 11 Apr 2023 16:31:17 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg

104.110.27.78

200 OK

26 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25762 bytes)
Hash
ce943ec0868d0b5769548025730ebb06
31d26f01d9a1e62d683b1165bec3d6e5b5310093
be1ec3a15be24dbd2904218e9def59d04b54bdca02738ee718a55823572f179a

HTTP Headers

GET /assets/images/rwd/photography/616x353/woman_kitchen_tablet_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a8-c00f"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 25762
content-type: image/webp
cache-control: private, no-transform, max-age=1893295
expires: Wed, 12 Apr 2023 08:16:27 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg

104.110.27.78

200 OK

33 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Size
33 kB (32871 bytes)
Hash
816d65c2758ff533fa6e21801daeb1e6
08e4d8044b39ddbef43651cb29b371c450e651c1
72137441f0a479553ec1c095ac9f20ae25a6a1a631f910415ea2e18eb367f2bd

HTTP Headers

GET /assets/images/rwd/photography/616x353/man_computer_paper_shop_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189aa-a3e7"
last-modified: Thu, 14 Jul 2022 02:02:38 GMT
server: Akamai Image Manager
x-serial: 510
x-check-cacheable: YES
content-length: 32871
content-type: image/jpeg
cache-control: private, no-transform, max-age=1564562
expires: Sat, 08 Apr 2023 12:57:34 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (25094 bytes)
Hash
11d5c849b66051138628a9cbe63132fd
7b30e03cf2ba108867c248ecdc8207bd6a4bb80c
ba5375591bbba655a050fea8fb3c9dfa7561d09a102c7b4a987999cc7b4ddb0d

HTTP Headers

GET /assets/images/rwd/photography/616x353/man_woman_shoes_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a9-d12c"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 25094
content-type: image/webp
cache-control: private, no-transform, max-age=1807986
expires: Tue, 11 Apr 2023 08:34:38 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg

104.110.27.78

200 OK

34 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
34 kB (33632 bytes)
Hash
58ede609c8abd3ba38aa9d0e8de3298e
b2236e0ac30a78ef74c1db03a331f2cdc78dbf34
8e7880330ef42f2dd950fea1001a6124574a5a03afc384b88a2b744b9875fbb5

HTTP Headers

GET /assets/images/rwd/photography/616x353/woman_computer_writing_mugs_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62a189a8-e4dd"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 33632
content-type: image/webp
cache-control: private, no-transform, max-age=1796227
expires: Tue, 11 Apr 2023 05:18:39 GMT
date: Tue, 21 Mar 2023 10:21:32 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8

163.171.132.220

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing

HTTP Headers

POST /Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3044
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:1$_ss:1$_st:1679395894999$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Tue, 21 Mar 2023 10:21:32 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xgtdSyFOhiy2cCoEQWKwAw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=xgtdSyFOhiy2cCoEQWKwAw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=41EE1281E050401A66C2483882EEC876~-1~YAAQlNAXAoLBleKGAQAAjDewAwm3NYOub9HjwWZZDhwwbvY58QYpVYkcorSa0mCnzUnFwS/A33VNJktv1aXgc4qxvfKRlChpTylZn0saLqjkl2IZHUNqrpzYxZylkRdhTlbgQ8SADsWuMp102i0BavKK4Y6rBUGDogQvOVreBbhGciV4/a52SYd3CpX4dlchQww4981yCIAQ3ps+nyTc5cQixY0u33+zxHWKj2kRDU7/FnUl9s297Z1/zKGF+j/q3O/auSogmAxTs++V/OlbmKe6aNPk9xnbmBFBYCIk+Ss4LbpyjjeMK//KtzCBXt3Qg6I5UPC9kkaGkmrXRwuVHVa32gh9z6SVoqmVQvszCb/F5EeBFf2rPTvbP9g2Uf7b1A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:32 GMT; Max-Age=31536000; Secure
bm_sz=FD0644CFDEB115A5AA026B09AAEC3629~YAAQlNAXAoPBleKGAQAAjDewAxPjb5sgmiv0N+ippdkxAdcgWeDsvrc8+QwzVTyzcp4rIZVLxczGwWm3liAnxi2YgoyZyIqTJEtqk6YKg3/pG+KqPilUBs9Bss3bNvYjhLcbotHvphIXgSKfwKl4KbAbiMllzItUvoijmS1PYCY2LoNfDTlbiKlMuWj5gCVU2ZS8t8BGRbAuR2kyKkKIA1omouivR7uTyoLEaZO2TB2UGdzptYHUFKmMxMARyR2xnYdH7epVo3W7RHeZO5k4+t5+O2a6TqtDG/k6nLJ50JieHceQGUzq~3224630~3224884; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:32 GMT; Max-Age=14400
X-Via: 1.1 kf175:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852c_kf175_30366-127

c1.wfinterface.com/tracking/gb/detector-dom.min.js

23.36.79.32

200 OK

132 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=2Yjj6BHI7bE85K1mrq8CLw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1

23.36.79.32

200 OK

45 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=18mqPsmEeEUPA5ZzpkkQMA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16416
Expires: Tue, 21 Mar 2023 14:55:09 GMT
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16416
Expires: Tue, 21 Mar 2023 14:55:09 GMT
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16416
Expires: Tue, 21 Mar 2023 14:55:09 GMT
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16416
Expires: Tue, 21 Mar 2023 14:55:09 GMT
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8195 bytes)
Hash
2a940b362660fdee25faaa51e08c439b
85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c
18b99e3e890fdc959421c895ce343b8b3ed88819c83fa0009823e8ded23458f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8195
x-amzn-requestid: c6844a50-a6b2-4ef4-ad28-f1a0fbcec14f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDFESEDGoAMFQ8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417821b-22fa560d4b7811c233fe07fa;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:43:55 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: WZ5MqPZ-MEjDt3N53EIx1XrerDmUkyvK-5FUXAmI29GXlGe6AaPqEg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:23:21 GMT
age: 43092
etag: "85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c02b9c1-0ea5-472c-95e9-5fcd5cf9d11d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7714 bytes)
Hash
08f2d83ce4f0d9158f2414065924955d
76d9b0d87b9ad6f6b5ec225d46eb04154cf113c5
9d11c0726d38515d1f847423ccccbb7b06b14c65e6776741d30d5f4b5bd9cc39

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c02b9c1-0ea5-472c-95e9-5fcd5cf9d11d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7714
x-amzn-requestid: 3c48be36-11d4-4e6d-a376-b73f5836ccaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDDUuEcXIAMFbUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64177f51-15606b16594e67e74234c992;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:32:01 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: na9KhnB7kMtkOdmNAGhNQWnuxxpoJf8sONM9JLoDpmgrbRIKeLDY4Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:55:43 GMT
age: 44750
etag: "76d9b0d87b9ad6f6b5ec225d46eb04154cf113c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074a4e20-c43f-4c99-8ce9-d5a9c6cec458.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6861 bytes)
Hash
fd780a25511e0b884ca63b9f101e3043
5c9847347c321e27c861c3db5c07f8f447961220
58e76646f3c0867de8dd47ba2f6e3f934c9de33e950d5eeda25febf2638079c8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074a4e20-c43f-4c99-8ce9-d5a9c6cec458.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6861
x-amzn-requestid: a01ef211-7414-4bef-adb4-9778e34747c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDEG0G6NIAMFUpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64178091-173e51f01625d8ff270b2d0a;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:37:21 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: LJGtNGbGrWsQ0gSCCrnuTNdf1HkMee0xOh2HlU2UTkgpMHaO3WsjXw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:39:33 GMT
age: 45720
etag: "5c9847347c321e27c861c3db5c07f8f447961220"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59eb1d88-9afd-445f-bf6b-f7edc71a4aff.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9492 bytes)
Hash
20e0cf109126f01b80e30c2d40549641
db5eb3144ed0ac478abdf10d270f43d9cc391bc8
7f6eed19068600b6276764a56214b719bf5ed441515dec178cb692f401d1fc46

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59eb1d88-9afd-445f-bf6b-f7edc71a4aff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9492
x-amzn-requestid: 812019e6-0484-471d-ba54-235f77118772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CFAazGLQIAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64184778-7f71615e4ddf5c5c4defb735;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 11:46:00 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 6MwWC8zXbVjlYGnG5KGPGVH442GyWuJGnRzKUAyZD2f9AY4dX_SfDQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 07:13:59 GMT
age: 11254
etag: "db5eb3144ed0ac478abdf10d270f43d9cc391bc8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde16c1fb-8973-46d5-a440-8527888510e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5093 bytes)
Hash
7e281be899d3a89992cd1c8493e37f77
5a5d5c6a29abd635879671dbf7607df1baa17d56
70232e33aff51589e751c478c326a4e82473c4d53f049b8b551f9dd1ba11e4ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde16c1fb-8973-46d5-a440-8527888510e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5093
x-amzn-requestid: 09c682a3-b2d0-4eb8-ae9a-96ddb8716077
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9mzZFI5IAMFYiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641551af-3651fc21214db65e70caa0cf;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 05:52:47 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: ZxN1WqHdI-sRwDsLZToBBzNg0QNsngEjkRSLm3FB4hZ5bM1ag8UTLA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:36:23 GMT
age: 42310
etag: "5a5d5c6a29abd635879671dbf7607df1baa17d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6511 bytes)
Hash
4e5f234aedfabd736b50fef3017380f9
71672a6c3523d9999522e005091863d07ea0e94a
3314df7a93e317d509aeffc1cde69ec450ddad116a27dc197db1abce966da344

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6511
x-amzn-requestid: 82d12180-bdcb-4ce0-8588-4239ee27f236
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGWI_E_eoAMF3sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418d09f-2f5df7cd5f6cee4762703d29;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: yQgmYjA3RIk8IVzzOoHdYl60H1BO_IeCF_7d7AmTqjuIOxQIS2dyDw==
via: 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 1d0860167e2100a6d1cd9c0213c2b8e8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:08:29 GMT
etag: "71672a6c3523d9999522e005091863d07ea0e94a"
content-type: image/jpeg
age: 43984
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8985a972c00f9f53b82336f5eba2a27d
a3b08130ee04b846718f40c6fe5222cc38a84c92
e687a038ca84c19c9346b0c5a66d17453d343b11265843739939c08d136027fd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5036
Cache-Control: max-age=158972
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Etag: "64193b7d-1d7"
Expires: Thu, 23 Mar 2023 06:31:05 GMT
Last-Modified: Tue, 21 Mar 2023 05:07:09 GMT
Server: ECAcc (ska/F757)
X-Cache: HIT
Content-Length: 471

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

23.36.79.26

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9CK5aycnz42xcx613xOPVA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1

23.36.79.32

200 OK

45 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3Tb8kN149D%2fEMrShmbFijA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679394095761

34.241.198.189

200 OK

319 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679394095761
IP
34.241.198.189:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
319 B (319 bytes)
Hash
a3d3073524618b963238c5848b1a26dc
2787a5926beccb2812b7ae63df1acd6d476551b8
1b3c23d625921c958399f3a768182467eb2c3719e3b085c01a6892388b5c5f9b

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679394095761 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-02a7d0da5.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=03694797967889046144497491638875735166; Max-Age=15552000; Expires=Sun, 17 Sep 2023 10:21:33 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: jcTubk3uQeY=
Content-Length: 319
Connection: keep-alive

c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153

23.36.79.32

200 OK

45 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bkKFv0FIPj2ZNgqK+sPc4g%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569

23.36.79.32

200 OK

45 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=lEz5Cx6PKMnurkXhSG5zYg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
aa0b02047e2d86281b8c23f18f0a997c
3eb38073a6d5150c27a96b705ce0210cd7e77620
62f454fe15e193a4be1c774f8e08c19fa46a160a905a7e1ebee6b1aacc6c05bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 19 Mar 2023 20:38:02 GMT
Expires: Sun, 26 Mar 2023 20:38:01 GMT
Etag: "3eb38073a6d5150c27a96b705ce0210cd7e77620"
Cache-Control: max-age=468387,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ab577fa3886b500-OSL

api.rlcdn.com/api/identity/idl?pid=1317

34.120.133.55

451 Unavailable For Legal Reasons

0 B

URL HTTP/2
api.rlcdn.com/api/identity/idl?pid=1317
IP
34.120.133.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 451 Unavailable For Legal Reasons
date: Tue, 21 Mar 2023 10:21:33 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=03731456705740945174496638865481154157&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230321032131551664133%011&ts=1679394096115

34.241.198.189

200 OK

320 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=03731456705740945174496638865481154157&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230321032131551664133%011&ts=1679394096115
IP
34.241.198.189:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
320 B (320 bytes)
Hash
0816cb1689f7c16c4bd02275076716b8
15d21df95971c952936a16bf910eda5a9a2b67dc
362ce2e007fc54a73fa35bc354c8d5c2d2f0335ec4aa656ba8e358667caf52ec

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=03731456705740945174496638865481154157&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120230321032131551664133%011&ts=1679394096115 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-03a127b6a.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=27153179034205094584210733459735600168; Max-Age=15552000; Expires=Sun, 17 Sep 2023 10:21:33 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: gxpzVgHbQwo=
Content-Length: 320
Connection: keep-alive

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.132.220

200 OK

175 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
0dcad0ea9c20d8fa5b0bac933fd21aa3
11f7d3f888d23029d7579687c27dd1b3f8205826
c420650d58198a371ba22c3a1635541d758d7d37719dbf03d86099f4fb1062ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Content-Type: multipart/form-data; boundary=---------------------------343691953516004921392951332649
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:1$_ss:1$_st:1679395894999$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=12154717; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:33 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gcQ4P6fnDDMDUc5fzYeiaqcQlcnPNsp8z5wad47YNewudjLaWH+E59qWXtoJsRC%2f; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
_abck=6CCDDA8FF70B117DBC91094792420C0E~-1~YAAQlNAXApjBleKGAQAAejmwAwla05CulEbn13HM8Z+q8Q6EgAlUGCGbm+z/fSLokI0Afe36i9N9vlx1E8qSijqsloZmo3Qeie87xkV9v0qNGMtysnH2mtJlQDa9dkwafuZF9gyaxAyX3UB2McKhy8Z8aBYnZMZTl/xR9IrLc0yOrFZGdHPpJ1pe7HFDl+GqtgvZysVzJPuX6NBgLwtg4VxP9yqFPvpGB7WxTS8ifIpc3hd9oqb5i1Nc5jnK2WWyln5KjYlZqLVEHgPe/+eJzJilRs9MetYs+t040gCy7H36f4Qnz4cdfLYFcvu1UfDk8+Huz3xWPhzxLiUuQFqDzJFLHiRhL0CPauE9mIPjHRxk+OBl1LYbNZ+SE04Uze3pUw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:33 GMT; Max-Age=31536000; Secure
bm_sz=EB520D410E369AFBB56D81E1013E80ED~YAAQlNAXApnBleKGAQAAejmwAxMsIwoywDH7tpjKFns+z1B1eh/Iv8hJcUEid6mPEFMs16p0sJMuwsVzdVMNyeR47Tmil3YE49P9dlOAq3eTumqVq2Ypr4xrfsb3qo27rRJc5SqW8GloRPfRjjhtQVzEhppX6FCnmM8nrmfx4W/zbvzKkcLlNU7C2SQQI323BI1Lv0if8oTb3i8uviRs0frPEdXyMD/9iEdUD4aINksOoWlq+PLWU5ZmVKmbSWlNiXQyqt6kCc+t0VUBZ8mOfS4/w4g2WwVp4BkYzBHnDha6RhMsgYly~4539193~3683888; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:33 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30366-132

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8

163.171.132.220

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo
fortinet	Phishing

HTTP Headers

POST /Yo0J8f8Rx/tSR7mQL/AA/aOwawk2mmaz7/TVIrUAROBg/ZGBO/Y3ZAYl8 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Content-Type: text/plain;charset=UTF-8
Content-Length: 2765
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=164047879; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679394095%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Tue, 21 Mar 2023 10:21:33 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ZblcQFl2prl6Fya82ZDafw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=ZblcQFl2prl6Fya82ZDafw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=E17058E814E81D948827DD30C3A2BCC0~-1~YAAQlNAXAqDBleKGAQAAxjmwAwm33Ix3oiu9bH1X4r0qPR5ChzyeOFvpP6BjXbUBdsdGsnIWATDt76S3sXzV8WfblfgGmPzpNy+yk/qw3/iQH6gR0LpJnG7I3LlkkefCp843+c/yt6Y0mPPw15i6R1xKFjxjKUCBelrAQxj2FLVlCI/BwW6Dl7VvkQpDDezqussVDg4bVi63/89kbz7Ecvjv27YCQbjsH4p76uXUVKBCvUbFgnx5EbaE4MvtImI6Ecj7yH7vgAhs/hNxkzL1rEtiGbkdL6w/0j5L/+l4uaHwVDfvV6qnxGf8vbRrqMgjbrmLdJgt7kYVwpLMVyUQv8XKB2WDO/VEVVTSl0g93pglLD4dgND0OMo839JSWslcLw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:33 GMT; Max-Age=31536000; Secure
bm_sz=61996E1569933EEB85D11FB2BFB8201F~YAAQlNAXAqHBleKGAQAAxjmwAxOB+bYA7K0d/OMcBa4t4iCBi2r5ue0KRIHCHKqShX3rVtiNY4sYte83isL6Q2DDAZRFyjDPNpQbXdYK6EcrFI6hDvgSAQVU7r9W69mFBOYvIkewyLlcW+/ZzDE8yI89fAdoJa1buQwZbxzMOEB1AicocI3YKf+Sd1RS2vwt/dQxo/9BOCHp5T+Yut2AiqrRr0NID7C13ZsCjhWdVnLACvonUKIbc0DcXzuMjNjduGd3s46Ox9dxqGMy/5os3PT/eB1NmgPZze/24yVNeOZpGdANhGvk~4539193~3683888; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:33 GMT; Max-Age=14400
X-Via: 1.1 kf175:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30366-135

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=06983b8e-6085-4718-9276-370b6a5959a5%3A0&_cls_v=09ee7b37-92a4-4424-8de7-df72dc816538&pv=2&f_cls_s=true

95.101.10.104

200 OK

1.2 kB

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=06983b8e-6085-4718-9276-370b6a5959a5%3A0&_cls_v=09ee7b37-92a4-4424-8de7-df72dc816538&pv=2&f_cls_s=true
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Size
1.2 kB (1190 bytes)
Hash
449d1530e6ac63fc138e4809ef73af03
e53dbf43617ed50cb3f42080dce48beb9786699e
2ea4b00b972ec737cd73f23a9c938f8cb92e4c09ca07079cf61b6b6aea4132a0

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=06983b8e-6085-4718-9276-370b6a5959a5%3A0&_cls_v=09ee7b37-92a4-4424-8de7-df72dc816538&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1190
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!nEiRbk92MxCWD3vpnNE5eVRfS7HzY6JnhG+odj6EmpV9NSGc//N7bcheYiu5Q0TqFF8VNQSt9U/MYg==; path=/; Httponly; Secure
DCID=Y3H+DR7ZiGNNtTw35kvgw3FqRkCc2LUtgx3LqzYN2pS6G7xVivt+q6hcOSNYemTK; Domain=rubicon.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

c1.wfinterface.com/tracking/ga/ga.js

23.36.79.32

200 OK

20 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/ga.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=LJAafhsf9yojBZiODPb+DQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

c1.wfinterface.com/tracking/ga/ga_conversion_async.js

23.36.79.32

200 OK

14 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=f08p+QA5SqHZ3F9LIxxSHg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679394095771

52.16.86.44

200 OK

318 B

URL HTTP/1.1
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679394095771
IP
52.16.86.44:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Size
318 B (318 bytes)
Hash
ca534363c323964e864505b110ccf4ed
767ead11fbca9d7a9dfbc61e0d57dc3958b06095
f73d4cac601bd20a3d560ac5727ac67dce5651ab3d53b46822fcad24516af875

HTTP Headers

POST /event?d_dil_ver=9.5&_ts=1679394095771 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 375
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-04caab9e7.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=03694797967889046144497491638875735166; Max-Age=15552000; Expires=Sun, 17 Sep 2023 10:21:33 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: Y7MMndz6RWM=
Content-Length: 318
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
aa0b02047e2d86281b8c23f18f0a997c
3eb38073a6d5150c27a96b705ce0210cd7e77620
62f454fe15e193a4be1c774f8e08c19fa46a160a905a7e1ebee6b1aacc6c05bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:33 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 19 Mar 2023 20:38:02 GMT
Expires: Sun, 26 Mar 2023 20:38:01 GMT
Etag: "3eb38073a6d5150c27a96b705ce0210cd7e77620"
Cache-Control: max-age=468387,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ab577fbfb37b500-OSL

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
38d8047ca2045200f0cac13041a1d88f
37b06f9978e5de50a3769981c9408cffaf5c3185
adbbcfb19926e3c6373d5f207c53b8b825bd5f72ac2208cdf1b800de41f4463e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

2549153.fls.doubleclick.net/activityi;src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F?

142.250.74.38

200 OK

316 B

URL HTTP/2
2549153.fls.doubleclick.net/activityi;src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F?
IP
142.250.74.38:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (555), with no line terminators
Size
316 B (316 bytes)
Hash
c57c9f1aaf3358676f43da639f42c4f4
e4ee375867cede1d994525c149b3ef5c7a46b001
3672e3694b735b5457de4c26adf3666b40c8374e742fb6c0cd6b4e27ee1edeff

HTTP Headers

GET /activityi;src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 10:21:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 316
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 21-Mar-2023 10:36:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

23.36.79.26

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eV12F3GxuCDOXJ5MwXDRAQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
38d8047ca2045200f0cac13041a1d88f
37b06f9978e5de50a3769981c9408cffaf5c3185
adbbcfb19926e3c6373d5f207c53b8b825bd5f72ac2208cdf1b800de41f4463e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8252dadd968ec1f294252ff1328a1f08
8612446f27ae9ce296270c969845a784dcc7569b
84717d4c360be2750d3e28827fa865c9616395cd3463ac03245b57baa8887e35

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=285743579&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&ul=en-us&de=UTF-8&dt=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=496274494&gjid=2113490946&cid=681992819.1679394096&tid=UA-107148943-1&_gid=670673865.1679394096&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230321032131551664133&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=681992819.1679394096&z=969428188

142.250.74.78

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=285743579&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&ul=en-us&de=UTF-8&dt=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=496274494&gjid=2113490946&cid=681992819.1679394096&tid=UA-107148943-1&_gid=670673865.1679394096&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230321032131551664133&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=681992819.1679394096&z=969428188
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

HTTP Headers

POST /j/collect?v=1&_v=j92&aip=1&a=285743579&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&ul=en-us&de=UTF-8&dt=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=496274494&gjid=2113490946&cid=681992819.1679394096&tid=UA-107148943-1&_gid=670673865.1679394096&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230321032131551664133&cd12=BROWSER&cd22=hp&cd23=4.49.0&gtm=2ou8g0&cd35=681992819.1679394096&z=969428188 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
date: Tue, 21 Mar 2023 10:21:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

c1.wfinterface.com/tracking/ga/ec.js

23.36.79.32

200 OK

1.3 kB

URL HTTP/1.1
c1.wfinterface.com/tracking/ga/ec.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Tue, 21 Mar 2023 10:21:33 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zGZDXZG0Uf84m9%2fLIl2IVQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
da6d49700956955f935a804c3ec7597f
0061bd1115e5d683362260d21d2356607515049b
b32d325c285802e9ba3bbc0a39818f19d6470c8b6ca2e050532517f2417123ff

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6376
Cache-Control: max-age=110975
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Etag: "64187ac4-1d7"
Expires: Wed, 22 Mar 2023 17:11:08 GMT
Last-Modified: Mon, 20 Mar 2023 15:24:52 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8252dadd968ec1f294252ff1328a1f08
8612446f27ae9ce296270c969845a784dcc7569b
84717d4c360be2750d3e28827fa865c9616395cd3463ac03245b57baa8887e35

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
da6d49700956955f935a804c3ec7597f
0061bd1115e5d683362260d21d2356607515049b
b32d325c285802e9ba3bbc0a39818f19d6470c8b6ca2e050532517f2417123ff

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6402
Cache-Control: max-age=111001
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Etag: "64187ac4-1d7"
Expires: Wed, 22 Mar 2023 17:11:34 GMT
Last-Modified: Mon, 20 Mar 2023 15:24:52 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096436&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096436&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096436&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:33 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=cj4UOHlI2YuZ8jB6DTHyjAoSgE%2fvjMdHGqPxj+RyePavoOVkVahfCaTyZ9OUGZks; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30366-139

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
43229f902489cc88a3b8f77dea901852
28e63d8d5a952b9e568cad6feda0e211e1fbfdda
245bfd30b6d87d590e50452fd8672d82d9d441242b4603fcc007e70b6a56685b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=681992819.1679394096&jid=496274494&gjid=2113490946&_gid=670673865.1679394096&_u=4GBACUAKBAAAAC~&z=1081548312

209.85.233.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=681992819.1679394096&jid=496274494&gjid=2113490946&_gid=670673865.1679394096&_u=4GBACUAKBAAAAC~&z=1081548312
IP
209.85.233.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=681992819.1679394096&jid=496274494&gjid=2113490946&_gid=670673865.1679394096&_u=4GBACUAKBAAAAC~&z=1081548312 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 21 Mar 2023 10:21:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
43229f902489cc88a3b8f77dea901852
28e63d8d5a952b9e568cad6feda0e211e1fbfdda
245bfd30b6d87d590e50452fd8672d82d9d441242b4603fcc007e70b6a56685b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096482&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-226516-16%7Etcm%3A91-223647-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096482&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-226516-16%7Etcm%3A91-223647-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096482&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-226516-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=OGTXoGPO1djoooFifNg1tC4u5fnZXi8beg338M9NL+M%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30501-44669

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096503&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096503&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096503&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-226451%7Etcm%3A84-1029-2 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4X9zXI7VW%2fCYFLiXvWFwDLXIflhv37dNCDYpqXO+ddo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30312-64642

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096497&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226480-16%7Etcm%3A91-226306-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096497&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226480-16%7Etcm%3A91-226306-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096497&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226480-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=IePpNkv5+vZMo87Mw4MN5CLel2C6REOYeCbj55QyUpmiTpiGpLCfddSmTKlOfwAT; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30730-29036

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bfa45bb31acdcad04104ab759ca396b0
f8290df5a249f0dd192fec38584618205b2d4bc7
97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096510&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096510&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096510&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ekd%2fo+HgScHCKU5w4mJyvMfW4dpb6hZlZqvtwO7pX1yJFpEzYY2nwdkI%2fnGw1mOk; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30331-47817

adservice.google.com/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F

142.250.74.130

200 OK

318 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (554), with no line terminators
Size
318 B (318 bytes)
Hash
c49985eb4f5a4e49718bcd8a773daa06
1846f35bdf28464113751a964864e5a8b8f59a34
48fbe774079ebb984f0e90feea5800234da37f19ebf4ae0c2f8928fea39e0ce3

HTTP Headers

GET /ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 10:21:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 318
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096514&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbcybersecurityrsvp_bishhipprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096514&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbcybersecurityrsvp_bishhipprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096514&offerType=iaRendered&slotId=WF_BIZ_HP_PRIMARY_BNR&offerId=B_oth_sbcybersecurityrsvp_bishhipprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254032-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:33 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Y9uJWjg6xNq8jonfmapjDEsab5uEWTgUxgMHxbez4PI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30542-46321

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bfa45bb31acdcad04104ab759ca396b0
f8290df5a249f0dd192fec38584618205b2d4bc7
97b4f123c07d8ccbbb7f6757f55e2b2b055ea296a29f52a729efdc996e9c8592

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096518&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238607-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096518&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238607-16%7Etcm%3A91-228643-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096518&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238607-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=HoSeO%2fTwXziUClgLBfJ54Aq61dJKydj1URvDefwFAVg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852d_kf175_30366-143

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f656ecf7dfa2c439943f8adc7af7af3
7e1e963c5a29b4355c05a3824b9cab61c8c8e98b
a5eacea5ab24e16191f73cab5a4554ccc2a5150db6b578c478e078f28793c51b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F

172.217.21.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=2549153;type=bisf90;cat=all_a0;ord=9802008583044;gtm=2od8g0;auiddc=197803954.1679394096;u1=1120230321032131551664133;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 10:21:34 GMT
expires: Tue, 21 Mar 2023 10:21:34 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096533&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096533&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096533&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=VMufPP6bIaifnLyIdvFbogsMOLeuFTCanT3Zd4jCjNg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30730-29050

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096523&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096523&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096523&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=QB+NIcVqYE2X%2ffQy4FKjUEZvylGew5AHFff9pq7JKOFR7ks2%2fhYCxu1e86PczBh+; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30501-44671

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2f656ecf7dfa2c439943f8adc7af7af3
7e1e963c5a29b4355c05a3824b9cab61c8c8e98b
a5eacea5ab24e16191f73cab5a4554ccc2a5150db6b578c478e078f28793c51b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096538&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238609-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096538&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238609-16%7Etcm%3A91-228643-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096538&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238609-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=k+6HkaEtF9Utd4EmGCZqR%2fHln8xBIZamElJI2YvZtzs%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30331-47819

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096528&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238608-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096528&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238608-16%7Etcm%3A91-228643-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096528&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238608-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=HACI279B84hzV2oh7RiGTwAo5+23B+t4SO2JkVc4zLBpb%2f0VzEQy+mSTIupRcufr; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30312-64643

ort.wellsfargo.com/securereporting/reporting/v1/csp

95.101.10.171

200 OK

0 B

URL HTTP/1.1
ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3522
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: a2970d23-f5d0-42e4-44ef-cee52973eb3b
X-Xss-Protection: 1; mode=block
Date: Tue, 21 Mar 2023 10:21:34 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:631b5ae4-a05b-4c43-a9ac-4c86c3834e40; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:631b5ae4-a05b-4c43-a9ac-4c86c3834e40|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:3; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure
DCID=gHRhHYwYCo%2ftx7KmC1f57MeizGPV1WwfAUm68%2fAd1i0%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
_abck=C12D6FED20D89EDA46E0E5449C6F47C7~-1~YAAQpwplX+3iZcWGAQAAxTywAwmwkYlQeo1MyJaOLfknhiZxBJPdYd4x+qxVljRbvU6vym2X0myD7gPR0S5VjEFJ/OfdkgeO6caxOrcD4pClySDq5NEpuYoVJBexNqw17txJQIM0z02VkTypGn0MevIlFKGvMX+0x4h+sx3kNmilv3ZOEVN+bjhxs65D3Y4Jf67O78TdixHtHYLe75OkA8t5pMW8gHeGgQWz3zLYQ3QYnN6skDHOXn1zK90nSLCOg345FJIuWOpMMBPMjki16RmFcjwaOPycY51mBZ3EX0viCz5weiz4LOl8gTLy9qJQoKmYW29cOjVgg5JdkAN/L1R2IyZ6MVTXjFCF+PoRa4xjqlfu4b3CYki4mRY9jxRaSQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:34 GMT; Max-Age=31536000; Secure
bm_sz=F2385954CC8FFC15F81BED2868CF240C~YAAQpwplX+7iZcWGAQAAxTywAxMy225AqL9gtQFpR/ZasJlBN+XdOchHbr4OCJ1f03dMjZ8Y3tmV7s8UC+IkNhs4EniiFTm3irsuQ5f+bWNyE/Qq9NasEgoMJ+yPK/QEoPTxmpubg53H0Yij8wvJ8u+XnOayVldKRkjhHQKr1LyAh43AZhmou29oMnmc+aHwmf4qMsATJoQ1bHmEDsPl5welY/P9XMdeZPCLvIh04SwqLQv/fhXBeCGOcSLzcRH4i7vlIXIZGV+nHt4Xmviedvoq7p1NvaMpjGIB2ibw/VfUwozVx692~3159346~3158583; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:34 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096541&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096541&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096541&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Xf8USUCmRLIXmKhN81ZEVdNcl3nP6Mk7wJeDsLNNjvKOQhvgP1cS9cumRIqpTssZ; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30542-46325

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

95.101.10.136

200 OK

150 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
150 kB (149840 bytes)
Hash
c202cc61d625a043023da2eb9ece2c02
6b71a446ff14b0c3303a0d051ebe1c43d68a2401
1d21cf1fab6c8a56decf0287f4d45cb25d7b55438eb331ef73bb7e8ed05a0631

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63f57db8-168e"
Last-Modified: Wed, 22 Feb 2023 02:28:08 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 21 Mar 2023 10:21:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A9w4sAOHAQAA8h9e21iEB5r_VBZ6umGP0wut8MkZoTzCMIkFzkLXmKXTmPtaAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|be024d67a713a100aff7ddc578554795f63a2bff; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=1CoFWK+vVnzarsBB%2f4qlCzwOoCA+KW3mx6JU+JBIxGntf7gOlLG0eSDnKp5GytM+; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:33 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096545&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238610-16%7Etcm%3A91-228643-32

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096545&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238610-16%7Etcm%3A91-228643-32
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-225258-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&cb=1679394096545&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A283-238610-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=3BFyHKbHkQ9fU1IRG4o0cqlgrgUZmbcxC5zhXU2lYvcSmogutX0vbMNod8BSJk6y; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30366-147

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096551&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4

163.171.132.220

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096551&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1679394096551&pageID=null&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=4 HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 20 Mar 2023 10:21:34 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9bOUk7+H9MmtnTlN6QI+KlVi1M3iDXaTJY7d%2fjfDH7k%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30730-29054

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.132.220

200 OK

975 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2450), with no line terminators
Size
975 B (975 bytes)
Hash
562a89f72ddbb64ea9662dae3ce4c045
810c4220511f104734573bc30b6d8b22eeda92e8
35e320df0d32b17191fe16e9c9fc7b5fcbd55170918605ac80c96624f46ca33e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Content-Length: 276
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 975
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-74110b3d-a7a0-4e06-994b-2c1606eb94a4' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:34|g:74b7a0cf-3adb-417f-86c0-a79f562a48ae|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917|e:31; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:a8c89dec-7ae4-4adb-8386-687a2035f3cf; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:34|g:a8c89dec-7ae4-4adb-8386-687a2035f3cf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:34|i:206917|e:31; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=7239F8327EB9EFAB297BA7A32913CA14; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Wed, 20-Mar-2024 10:21:34 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303210321341155108516; domain=.wellsfargo.com; path=/; expires=18 Mar 2033 10:21:34 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=WCaAC3n+3MT1MvYXwhZbft10mq0T8j%2fFKZKrris8HYgBJVFDEyyIxCmZCubqYWSF; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
_abck=49A6BDFE269AADD2E86ABB98CD8FD3E0~-1~YAAQlNAXAuLBleKGAQAAuD2wAwkXP9OZXXfOJ0PZta0P4Hqh8zdbW5d7q0L5/R+nO/6BN+iCs7FoPbH78a2MS/C2MRA9+a+W5sbPrPha8jVwWN4KG2XHRGkOknFFa2h4F9eOV/fTJ/ShHz3lRBRu6WcleuQQDVzI4rRbmAzMCZb/uGZREyxunEyaaTcwDdtIljNQ2I6gMGtyWYcdvdyHxO/XvMEwHHWu2zfiJ+Xc5Tw66OtrpUSi8ryX1Swi439ade1RigPXaI/JpErWimPLur5WeFmwqRjW1BYasmtDc4jIQQ8oLrZIRPivGr6cN6CqOb1QF+6Leb+P+aFLd0Q4WcaosXh+aI0JbQMVp5XMAxGep9M+6njn5MrAbb8oJ4eyhw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:34 GMT; Max-Age=31536000; Secure
bm_sz=53E407389A0184E6968A58EF2A5AE557~YAAQlNAXAuPBleKGAQAAuD2wAxN+DdvwnOOhFloMbfuWlB/Ekcb3kpi/SeJCkdD/pBsHksmxdRP+91ZCLh6X9Szu5cykf187BbyhVrn9P9OVsACieDx7hEbOlrLJDwni9HXiXmxBl561Dqocbtw14QU6dS+mDwmIEfUQWJNVsdr02tbDYYPsL8PuAvjEz9hFvV1wz0s578qWS6gNduaV8yKHTYWjhsyag5HkvxI3l1goxLKKQqU1CFvSAwsLKZ+eyC9Le2IjKIs6N6hV8AG7EGs/jqYaR+P5uSinrX90pdveqTUGueG2~3424568~3687989; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:34 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30501-44678

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

95.101.10.136

200 OK

607 B

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 22 Feb 2023 02:28:14 GMT
Vary: Accept-Encoding
ETag: W/"63f57dbe-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Tue, 21 Mar 2023 10:21:34 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=y+MugUlWz0q7O+kK4ZfbsD4WAIqmsbK3ijUG4kU23Fo%2f3AUJV32OC4K+k+j+mnaJ; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.132.220

200 OK

134 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
584f60892d84f6a3f9af86bd27db5dd5
0526caf4ab17f55be944ffbcca4e97c5011ef38d
146f9987012e32942b8135e51f9b60cae4b162a7f3599210ade8a737d1fc37e4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2024
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=311125621; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:34|g:a8c89dec-7ae4-4adb-8386-687a2035f3cf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 16
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=NLHewrWVh1EldYnFphIJtEJQVhMMMX+Wp1WIEO+IWhd+8WQ%2fUkExVZsd73Ze1+nQ; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
_abck=EFEF8EB76058D65EFC57774950C54261~-1~YAAQjtAXAkqXXOaGAQAAXD+wAwlCOOXUMXxncN3uEKkMGahwSWUBl8K0gRXtIxHKtHu15vM+J1eeHhQvwjdMJqHmw9HMYw3Bqwmbm/GnJRQohsJm5NOAnBDj7DF4oB4gbu5y3JwjuOzuZ+UFTF9I4mB6koPkd1iZN9R/ZS634ArefVHKHcgGtPGbu49KjayWtOvxlnIkKkOZIbAWlxvPsGwFvyp2z9ZPCeaqPof96CebLTuup4anKHGj3yTmUvmPrcxd8gAinCup8QSGTvejCW+34rz/HERDpnKFtNLSxDv7ho5qn/oRmy2ntHSBJNc4O9BFO9eNpEqrqR9NlSdi1RrI9XnPM2AAe6OtoCXoUG+7yCfQvRvq9uVuguAxOy4dTA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:34 GMT; Max-Age=31536000; Secure
bm_sz=1D0ED854509BD641C1FCECC18EC496D4~YAAQjtAXAkuXXOaGAQAAXD+wAxP9v+QXulVVmkjU2t8liWRSdpP7F2TV28YeVu4Y3xde+HpaPyF1Wu8i/UQ4V/7WdWyu6p+vzh0c7NlLmsbBOMd3v8dB9AxxOqULn/O7FUWrHGXQ+fiz5iNddz9CBi3TTA5Wl349c27K00mrpXBRpq/ir8tJUHZKiMohtXzO86/VmY1N0yD9Nzbw5wmLuNJ3C/EYS/FwCMMeykVwMk8ZAUjzEKb+22pCNCzgFHoTXcdMpbUfBk2BXgl3YTnLpn4u7HZ0GdBHAn2cJH3LeEzWdWKtbUds~3424568~3687989; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:34 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852e_kf175_30366-155

connect.secure.wellsfargo.com/jenny/nd

95.101.10.136

200 OK

18 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/jenny/nd
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2293)
Size
18 kB (17925 bytes)
Hash
529ecbd9053f860a176703f4db289689
9dc04c3c1f03e70a0cabf8248e891965f8d22bf6
870acbfa991e5e7042ac5e7f6fcd7dcc7630de685cb0893a5d77be996ccaf363

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17925
Date: Tue, 21 Mar 2023 10:21:35 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:9addcaf1-fb0d-453d-8d50-ef33f1827a51; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:9addcaf1-fb0d-453d-8d50-ef33f1827a51|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
SameSite=None; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ISD_AB_COOKIE=B; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=n5IjQ2orJZAvn2uU3LtQOSHHoAmcC%2fkAyEG%2fHDTsufuvxbCQvykUB2cj+SQ6ZsgY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:35 GMT;Httponly; Secure
_abck=571B2A91F86072CA95EC891D9B529410~-1~YAAQhAplXyqYKuWGAQAAIECwAwneZtZJ6+iSZ9GTjvCPtsqZieAPI03UVQiq+fEuVpsltyv6si38xuMhEwdw36IAiTic19ayXU/j7aohP6feGwae6O6Kvjg80FXP7rub1CVX6g1q1UY4z/XGFFvLXOUsUJ8pbJUYMNURRUmNaDXm7Oza/bxBIQnlEyXpkaQVfHlraLWTMFi31UlR/Axmfxh3vM5naSkP4zjdRh9dUHKpy8AVw7srZ3NcL1utNpzbFdD4trfflvnH0wi02p2/QkE0m3zIuPlxWzvWGA8oQga0rkNzgIn0Vm9vbyTjvdQudoSzMkjiGG6t0Jek5EcRrkuVXkPb0/DyJVP6mfZCKqbHhFDMgi9x6yulVzFJMCytXg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:35 GMT; Max-Age=31536000; Secure
bm_sz=D813B8E996C36941E5AA773AFFF6D7A7~YAAQhAplXyuYKuWGAQAAIECwAxMviJqMZK2PBkwKgLdakMUDvTpAi8QumUBJhT0hPiGuUEF923pZI+Bb3LxdQZYYBBoqw8m42XffPE6i2I7wCah0QN3lsKMXNlqO6ma4owSKIbivcJ2sX3fkS4YGWAmQkhxqrdQ3hQ2UVKM7lg6GIb3ajFAFht/fxvSkDnkpz4mT3Alp++VAL7NPXrsDfYOUSOW4OvSFRh7nz9OF6b/PMwQL9v/H9iJHeOQDtOd2UulVN9sDyKJ5ju8oi4p7ijKR+GhGO9mLKGdGx2bo2KDB2CU3zopS~3291187~3228486; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:34 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/glu.js

95.101.10.136

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37263 bytes)
Hash
6bb4e45b6edae39e46e96a6f3bd45652
af98add1820fb1687256ddb4e105bb497d2e2aac
40ecd0c54cc63e2286c6785da067d4707854e4f37ed0d319e2b6549bb6f689cc

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37263
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Tue, 21 Mar 2023 10:21:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ZXZv45+x4fQftlWaudne1salHDnrpFr7WhDwAbBa0w4LqZotdeX5a7AxzozQCCAT; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.8247245493999903

95.101.10.136

200 OK

51 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.8247245493999903
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (51312 bytes)
Hash
f63e00bbffc8f4084ea1dc32edb3dd86
eb10d79f2388f00566385eaea1327e5cb2f3f470
06255db62a80cc20a8dec2942a22472bf866ccdaf1a871e434458c06af5415e9

HTTP Headers

GET /PIDO/pic.js?r=0.8247245493999903 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51312
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 21 Mar 2023 10:21:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=VdFpNcEKYuQxt78fZ%2fL%2f%2fXi6P2bcatILnAhLkE8h%2fsVjtX6umi84QMvzI%2f3Kgs1E; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBYY2Q0NW1ibFIzRmdnQUt3RW5yTStWSGJaQjQ5TGtqZ3FrWHJtNHp2SVlLREVIVllxTGFNaDlIRUg0UTg3N2RuWXlIUTdqaHplU0hYY2Rnek5uUGhkZFBMZEFnUmtkZUQwYWlSZDdXMjJiYlJDN1VkbnBCL3FpaEhXQUduYmlwRzYzQ1E1SlMzcGlXc2J3U2hiM3hHN0tCSzdwdUVReER0R2Z0QTZRdXJZZ3BrSFN6cXBLOGtweDAzUkE0L2dkUUpUczgvajFhMGY5ZzZUZHJhTEVmQWlrSlV4ZkZjSlZxOUZBYjlUd2F4blJvWHozM1dnTTJ1V2VleU8wQVY1UUQ3aWMrOWJmeU15M1Qwb0ZEbjhoSWZHVkU2RkZUN0lTd2lsTTlBZGRsNFVCZDU3MzdYeEZSbGVnPT18N2FjMjk0YTNiZjA4YTUxOTVhZjI2ZWI5YTRiZTcxNmJlY2YzNTdhYjcxMTVlM2E3NGNlMzQwOGNhMzYwMzg0YmYwMTdhZTIyYTJkNmEwMGE1Yjg5MTI5YjkyMWE4NWJiNTM5MTZkYWYzMDBmZjMxODAwNDU5Njc0N2QxZWNkMTU5NDU4Nzk1Y2QxMjNhYzk5ZDA4MDJlYjYzMTZmZDFmNGUzZGQ3MDhlNzhhNTI0YjU3ODUzNzMyMzYyOThhMDRlNmU2MzI5MzQ3MGU0NjhmMWU0MDRlY2ZkOTdlZjdlYzk3MjQ0MDE0ZWQ4ZDMzYmE5YjFhMTcxMWY5YzU4NjU2MjkyNmJiNWRmNTRiOWExYjBlYTExODlkNjJiZjJjM2M1NDFjZGY4OWNiZjFiNGUxMDhkYjUyMTg0NTJlYTM0MDI3NDY2NWY2ZTgzYWNjMmY2NTUxMGJjMGExNDU2ZGIxYmFjNTBhZTY0YTBmN2ZiY2JhZDQ0MWQ4NzU2MmM1M2QxYzA0MWE3MmM4NjdiNmE1N2MxOThkN2E1Y2YwOTU2ZjUzNWUyNDQ1MmY3Y2IzMDg2N2E3ZDc1MDdkOGQxYmY4YmE5ZDM0M2MwNzk2ODU2NjU4NDI2ZTg3NDViYTA4ODVhNzg2MmQyYmRkNDc5NTY4M2FhZjkzOWQwZjJkMzBmYTB8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com&t=jsonp&c=zugafvnxunzkvrw_&eu=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F

95.101.10.136

200 OK

90 B

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBYY2Q0NW1ibFIzRmdnQUt3RW5yTStWSGJaQjQ5TGtqZ3FrWHJtNHp2SVlLREVIVllxTGFNaDlIRUg0UTg3N2RuWXlIUTdqaHplU0hYY2Rnek5uUGhkZFBMZEFnUmtkZUQwYWlSZDdXMjJiYlJDN1VkbnBCL3FpaEhXQUduYmlwRzYzQ1E1SlMzcGlXc2J3U2hiM3hHN0tCSzdwdUVReER0R2Z0QTZRdXJZZ3BrSFN6cXBLOGtweDAzUkE0L2dkUUpUczgvajFhMGY5ZzZUZHJhTEVmQWlrSlV4ZkZjSlZxOUZBYjlUd2F4blJvWHozM1dnTTJ1V2VleU8wQVY1UUQ3aWMrOWJmeU15M1Qwb0ZEbjhoSWZHVkU2RkZUN0lTd2lsTTlBZGRsNFVCZDU3MzdYeEZSbGVnPT18N2FjMjk0YTNiZjA4YTUxOTVhZjI2ZWI5YTRiZTcxNmJlY2YzNTdhYjcxMTVlM2E3NGNlMzQwOGNhMzYwMzg0YmYwMTdhZTIyYTJkNmEwMGE1Yjg5MTI5YjkyMWE4NWJiNTM5MTZkYWYzMDBmZjMxODAwNDU5Njc0N2QxZWNkMTU5NDU4Nzk1Y2QxMjNhYzk5ZDA4MDJlYjYzMTZmZDFmNGUzZGQ3MDhlNzhhNTI0YjU3ODUzNzMyMzYyOThhMDRlNmU2MzI5MzQ3MGU0NjhmMWU0MDRlY2ZkOTdlZjdlYzk3MjQ0MDE0ZWQ4ZDMzYmE5YjFhMTcxMWY5YzU4NjU2MjkyNmJiNWRmNTRiOWExYjBlYTExODlkNjJiZjJjM2M1NDFjZGY4OWNiZjFiNGUxMDhkYjUyMTg0NTJlYTM0MDI3NDY2NWY2ZTgzYWNjMmY2NTUxMGJjMGExNDU2ZGIxYmFjNTBhZTY0YTBmN2ZiY2JhZDQ0MWQ4NzU2MmM1M2QxYzA0MWE3MmM4NjdiNmE1N2MxOThkN2E1Y2YwOTU2ZjUzNWUyNDQ1MmY3Y2IzMDg2N2E3ZDc1MDdkOGQxYmY4YmE5ZDM0M2MwNzk2ODU2NjU4NDI2ZTg3NDViYTA4ODVhNzg2MmQyYmRkNDc5NTY4M2FhZjkzOWQwZjJkMzBmYTB8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com&t=jsonp&c=zugafvnxunzkvrw_&eu=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
90 B (90 bytes)
Hash
64e9b8c4f7955f84ae71f96ae6efe6f8
1c88fc1d8b69d212c3a81e10930657c971194e46
78b518819fba1c687cef32101c8f501f7bd9a0a957a5a43088c3a26c00b1c29d

HTTP Headers

GET /AIDO/vyHb?d=ZW5jZEBYY2Q0NW1ibFIzRmdnQUt3RW5yTStWSGJaQjQ5TGtqZ3FrWHJtNHp2SVlLREVIVllxTGFNaDlIRUg0UTg3N2RuWXlIUTdqaHplU0hYY2Rnek5uUGhkZFBMZEFnUmtkZUQwYWlSZDdXMjJiYlJDN1VkbnBCL3FpaEhXQUduYmlwRzYzQ1E1SlMzcGlXc2J3U2hiM3hHN0tCSzdwdUVReER0R2Z0QTZRdXJZZ3BrSFN6cXBLOGtweDAzUkE0L2dkUUpUczgvajFhMGY5ZzZUZHJhTEVmQWlrSlV4ZkZjSlZxOUZBYjlUd2F4blJvWHozM1dnTTJ1V2VleU8wQVY1UUQ3aWMrOWJmeU15M1Qwb0ZEbjhoSWZHVkU2RkZUN0lTd2lsTTlBZGRsNFVCZDU3MzdYeEZSbGVnPT18N2FjMjk0YTNiZjA4YTUxOTVhZjI2ZWI5YTRiZTcxNmJlY2YzNTdhYjcxMTVlM2E3NGNlMzQwOGNhMzYwMzg0YmYwMTdhZTIyYTJkNmEwMGE1Yjg5MTI5YjkyMWE4NWJiNTM5MTZkYWYzMDBmZjMxODAwNDU5Njc0N2QxZWNkMTU5NDU4Nzk1Y2QxMjNhYzk5ZDA4MDJlYjYzMTZmZDFmNGUzZGQ3MDhlNzhhNTI0YjU3ODUzNzMyMzYyOThhMDRlNmU2MzI5MzQ3MGU0NjhmMWU0MDRlY2ZkOTdlZjdlYzk3MjQ0MDE0ZWQ4ZDMzYmE5YjFhMTcxMWY5YzU4NjU2MjkyNmJiNWRmNTRiOWExYjBlYTExODlkNjJiZjJjM2M1NDFjZGY4OWNiZjFiNGUxMDhkYjUyMTg0NTJlYTM0MDI3NDY2NWY2ZTgzYWNjMmY2NTUxMGJjMGExNDU2ZGIxYmFjNTBhZTY0YTBmN2ZiY2JhZDQ0MWQ4NzU2MmM1M2QxYzA0MWE3MmM4NjdiNmE1N2MxOThkN2E1Y2YwOTU2ZjUzNWUyNDQ1MmY3Y2IzMDg2N2E3ZDc1MDdkOGQxYmY4YmE5ZDM0M2MwNzk2ODU2NjU4NDI2ZTg3NDViYTA4ODVhNzg2MmQyYmRkNDc5NTY4M2FhZjkzOWQwZjJkMzBmYTB8MDBlZTBiNjJlY2FhYzg5Zg%3D%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com&t=jsonp&c=zugafvnxunzkvrw_&eu=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Tue, 21 Mar 2023 10:21:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=vbP9qMm0P+%2fjxJYMLarycb6Y06HcHFNf8PqebFYrU0cpOgjpqFs6q+Xeg4xcuwB2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:35 GMT;Httponly; Secure
_abck=6C0FD36EA063B8A705242D376D68386E~-1~YAAQhAplXzCYKuWGAQAAe0GwAwnquXWY+vFEPEzeK/xWWc8il/qPCeulmEGQsQMcqKcKm1C8FMuAlYW54cozTcsSlz47oaOtAAh+FjkoJK4EvDm6gJjm49Fctv0p/CYwEojMKp5zARx3ghexsxhSV8I572Lc1WlwJWwuvWYWWHMKnF7eGLY62K5FgX4oDWH42vgowZIHP7WK3W0pjDAywF2qEfD8k02wmTjizDa2ei6kUfFXBzCPEPnbdbMa7MpheIF3swfl0BuzKMXFtMXJOkCfF65bh+Ito8AXKSKrsHvVHtJ6KJQeAtNnAomeH423CT07nipMgax4IpUx0hiVFkZ2R0PNztbYe2Pc4gO+UcRQuSkUR5gXoJypfNwHhjvbpA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:35 GMT; Max-Age=31536000; Secure
bm_sz=A42A410D8F6D0E9038C76322DD8D19E4~YAAQhAplXzGYKuWGAQAAe0GwAxOE2Oxv6eDRGCuKTQMoZVAo3eVDjCHrmzlC9FiBgeMbThUHheEhcG6lHQnPdhjUiYIuPzNeqF/tFW3zy1lf6XbZmsT63N1naj7yux4+VOeJW7BFSRUyj5Vomo53wSyAM9EEjUy1b2OtGuDCD+8dplPpvsYRgkgTXKrP0zmFuototSDzzY73coDZvRMOA/cF/jxR5/0XO3Bq9w5iQiMEXCSG5CPTbHundHAMNf9Cy+u0bSLoj+cVwco/Sw/mEF5A/p4MeuGmkC5cGPdK3aDOt57IUc3K~3293752~3683896; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:35 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f012cdd7cf0de250dad5fe3f278cb616
cb16e7ba2d5b470c7ae19546e0b51ce5f2019af7
9e4071dcc60e43a82f4a24c60c8be0eecc25dcf39682c3bbf7d4ac50d6d1f5d2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8535613a8a8fd6ee9e928b3539dcfccd
75d939e05c094dda5410c98b8264d7c3270a6672
b09eaa3afbf3c651a41228d2297ff907b3f98102bce5277c7b9a1af8a1f346f3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679394096448&cv=9&fst=1679394096448&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&hn=www.google.com&async=1

142.250.74.66

302 Found

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679394096448&cv=9&fst=1679394096448&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&hn=www.google.com&async=1
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/984436569/?random=1679394096448&cv=9&fst=1679394096448&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 21 Mar 2023 10:21:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1679394096448&cv=9&fst=1679392800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5g49329d48d6c.wsipv6.com%2Fes%2Fbiz%2F&tiba=Servicios%20bancarios%2C%20pr%C3%A9stamos%20e%20informaci%C3%B3n%20para%20peque%C3%B1as%20empresas%20%7C%20Wells%20Fargo&async=1&is_vtc=1&random=2761970999&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 21-Mar-2023 10:36:35 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

54.70.91.176

200 OK

68 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
54.70.91.176:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
68 B (68 bytes)
Hash
1c56c7fb90221afddf56da30158ad2ef
8a845fff26270c2638fd6ec75423cae4903a8f49
925eef11602c9b08e433a33ce4d5c86a5f2f8b1dd959a04b0fac5490cf688f6e

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 21 Mar 2023 10:21:34 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f012cdd7cf0de250dad5fe3f278cb616
cb16e7ba2d5b470c7ae19546e0b51ce5f2019af7
9e4071dcc60e43a82f4a24c60c8be0eecc25dcf39682c3bbf7d4ac50d6d1f5d2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 10:21:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.6477806595341796

95.101.10.136

200 OK

137 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.6477806595341796
IP
95.101.10.136:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
137 kB (136556 bytes)
Hash
b73b7e43289f6e934fb64904ecbfba8d
3213c49bbd9d8400f9d713a57b79e8e7807e03e6
15e7c36949258892227fcbab1419e17205f7c0c2988798d6e03427ab00b93c51

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.6477806595341796 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136556
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 21 Mar 2023 10:21:35 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Gla49+6Hop5H3KwPkQOD54PyTCTjVCLh%2fO0Blb5XobRmqC9+Kqn0s+ryli29Nu3b; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:34 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ort.wellsfargo.com/securereporting/reporting/v1/csp

95.101.10.171

200 OK

0 B

URL HTTP/1.1
ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
95.101.10.171:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3811
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 7d4249d4-831a-4a4f-5968-0765c82efb9b
X-Xss-Protection: 1; mode=block
Date: Tue, 21 Mar 2023 10:21:35 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:47a16de5-12f6-44cb-b1ac-a617f9014cbd; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:47a16de5-12f6-44cb-b1ac-a617f9014cbd|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:3; Max-Age=30; Expires=Tue, 21-Mar-2023 10:22:05 GMT; Path=/; Secure
DCID=vZ6a6urIaGj4%2f0Bk5sUEEU05XLc7uuu8nRK60HpHiTs%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:35 GMT;Httponly; Secure
_abck=2BFF9E13D965A93390A556330685D621~-1~YAAQpwplX/7iZcWGAQAAyUKwAwk/IifuAzUjVV2gq2Pk7R18I/ta94MUXh4eQLQYwPIGl1i46wVDHGvd7GHb6Bjocjmv+6U2F2WCVpRlD7fN9jjbS0AdHvEg86FUINncosEdKtu+5rYRVjC79/nXdA6V5+Qw4n/Z8O1QoIwp7lObe36+6BpFMfsw5I4mOpqqiHVfectkV4QMurpbzKiDKmWWIEJI/5nHAKWIOf75paTcztwrpg79wW6k86WGCdmPziPDv39DGl1dtU9qCYeHRT9sQjwISxBowDc996WcUzaMk/IenQxMktHQw6wQHmGxX/kQQ02va12AFhgZwNOsDO+LXWF2dSnun2+5zv7tLAlgfg8ZPgba/rH+f+96xrhIBA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:35 GMT; Max-Age=31536000; Secure
bm_sz=531C39D5E71D8165BAA84EB6C36699C3~YAAQpwplX//iZcWGAQAAyUKwAxM7oCSx6NTad9lVZXwL6iuqHyJk1IcbxU6QK+7IXf9I689qq7SfSEdwv4G68NQmorCjVKzFoAjhSeEdDZm9am6NFWqqkMzgKlgXk1UMZTHWlpvN3hZaUOpKw/6YcrY0K+ZU6m/8wbuO9M2/uyl6RSgaLsJHs5RLRw4FtXKWrXW9CmFain8DrM4FiKKLguUvxJElfA2BIju1vMY6KZHbIS2NOfwQBCCwI1G8KdRqKQHOwX1uLZ9GlM2n+DTir8QXKA73irkQ5IeGYYSarRKoOECgY6am~4474166~4471091; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:35 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.132.220

200 OK

265 B

URL HTTP/1.1
www--wellsfargo--com--5g49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.132.220:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
7210bff133f9321c03fda64cf477e071
c32635228683d6f302a0d304f0b2811a057d84f6
9cf2cdb7d04faf7bf28adcfa0727338aea5d054b69427cd39884cec824b8f702

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--5g49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/es/biz/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Content-Length: 668
Connection: keep-alive
Cookie: SameSite=None; ISD_WCM_COOKIE=!3sOuMwLRNDM79bgGl7IZxfIs0wroUVE6e9RnAiO9yvxP2CAj6rmrTqS1t/kEQDqYbxovB+GFvl8LTOE=; utag_main=v_id:018703b03f97001149cbcf9448e800050003e00900918$_sn:1$_se:2$_ss:0$_st:1679395896010$ses_id:1679394094999%3Bexp-session$_pn:1%3Bexp-session; __ts_xfdF3__=53475738; dti_apg=%7B%22_rt%22%3A%22DTAGZ593ujXE8Cmq237r%2BtdcAdWF%2FjiG6Hg32Ef4yNE%3D%22%2C%22_s%22%3A%22RhtTYuxA%22%2C%22c%22%3A%22a21IY3dRRUlBc0RMWTlQOQ%3D%3Dmd3F4FZXkwpdsOdkKW-D3dDmdsMQtkX_wD4tPu8nHVf2P3YfNdXNj6CQ1BdhgZ0qn6D27P5IYVsV24AnteheggPgenENX_VdMAM%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AS6FGWQAAAAASvrMHRYnCw4zD0KqsbVD%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; _cls_v=09ee7b37-92a4-4424-8de7-df72dc816538; _cls_s=06983b8e-6085-4718-9276-370b6a5959a5:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C03731456705740945174496638865481154157%7CMCAAMLH-1679998896%7C6%7CMCAAMB-1679998896%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C2014362420%7CMCOPTOUT-1679401296s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.197803954.1679394096; _ga=GA1.2.681992819.1679394096; _gid=GA1.2.670673865.1679394096; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:34|g:a8c89dec-7ae4-4adb-8386-687a2035f3cf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:34|i:206917|e:31; _imp_di_pc_=AS6FGWQAAAAASvrMHRYnCw4zD0KqsbVD; ndsid=ndsa8iqkbv3cwz3lfi3vv9e; LSESSIONID=eyJpIjoieFwvUDcybmE3UXRGd3JYRFpGUDdNVGc9PSIsImUiOiJpdlZBdmN4ekxZdkxIWXl4VnBkQXRWbFwvQm41ek5cL21mXC9ZMnlQU2F6cWZ4WlViMUd3Q2FHN2RDdXRcL0FXY25xTVlySW5FaTM2ckVCcis4eHhwano4QjBUc1lPMEVzTDFmREtiVk9EbExrT0tnRVRacWdUSmJoMkYrRDV4cEMydkpBNTg3V2VLT3h2MFlReHcxZHBidGdBPT0ifQ%3D%3D.b1aecc5f83f4ec86.ODliNDhiMTdlYzZmMjFhZjUxOWEyMzU4MjYxZDc2Mjk1Y2E3YjA0Y2I4MjU4Mzk5OTc1NmNhZTJhMjRiOGMzOQ%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 10:21:36 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GvfU4epmFosDoeT91ff33DzGv6Dgj8tMn%2fBznDR9J9%2fr%2fmiq7V8fvsA62CxWOCVh; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 10:36:35 GMT;Httponly; Secure
_abck=A114E58D2552C2699B7CC79A778A2D6B~-1~YAAQlNAXAlDCleKGAQAAUkSwAwmN73/kSuQ2v/KGuUc/3FftQODPpj4UQioZ65/F8ppgV9+3rVMhS2jGGNxwmtfiNeJbkkvqXU/H2C6VwcejrOcAR7YwzSLvvA/n7Qq6mI8vcVz6gHRF8AKW35o45DP/lGRw5BTpJ24Keo293ENFHxQtLEdgR41zyUPF7jUkpzWYOat4zDfJsqnEnTsn5QtV69giaPkHjO360KsH5TemZLrNDvztjufcfhXaJtSqqqrTn4smSBhM/wAeVTIkDSSO8P8f1MKfxkKP8c9Hlr6sBKCG5La/QF3JrFDPGCNRu42m26iUhqUOAf2dvGHIaCLlPY9vtWqQ1Zc7lMk8nPPvZDAogEqVQuKI3dOzWFjscA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 20 Mar 2024 10:21:36 GMT; Max-Age=31536000; Secure
bm_sz=2327759F1BC0D254F7BAA41C55D5E0BF~YAAQlNAXAlHCleKGAQAAU0SwAxPgQ0Gfy9RU5s6cFq9jnTBK1zZLyUfTL32DWdZhgucYBoKr3GdQDaHaplgQPpLK6cbBF2ZgYVYonbiUPORNOZLecE3YwOFwUfAB27TlUL9uEFmX79nL+zsfOCATHlAIfwArXxud7Eg/v7aAuoIw1zJdWkyJrWIiER19sfEeFPN1evDLMbGkFtdNwWNUWugRr05SHgd6A3M9ENDM1K1HO8xz/w8nyq1FAXfPAQQSvCumeX7cGsYvLLOTVH5kvOoGRKP324K+17wYxBRHTjgERVgZfj5D~4274480~3684164; Domain=.wellsfargo.com; Path=/; Expires=Tue, 21 Mar 2023 14:21:35 GMT; Max-Age=14399
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6419852f_kf175_30366-170

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51

54.70.91.176

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
54.70.91.176:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 21 Mar 2023 10:21:34 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

54.70.91.176

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
54.70.91.176:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 13981
Origin: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5g49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 21 Mar 2023 10:21:35 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:e83de524-ade4-49e6-b25b-b7abd0b1937d; Path=/; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Max-Age=30
ADRUM_BTa=R:55|g:e83de524-ade4-49e6-b25b-b7abd0b1937d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:4; Path=/; Expires=Tue, 21-Mar-2023 10:22:04 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML