Report - www--wellsfargo--com--d649329d48d6c.wsipv6.com/

Report Overview

Submitted URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/
IP
163.171.134.56
ASN
#54994 QUANTILNETWORKS
Submitted
2023-08-05 10:30:34
Access
public
Website Title
Wells Fargo Bank | Financial Services & Online Banking
Final URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
66

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.dcocsp.cn	33518	2018-05-02	2018-11-07	2023-08-04	328 B	959 B	47.246.44.224
static.wellsfargo.com	12306	1993-04-28	2015-03-14	2023-08-04	1.9 kB	49 kB	23.36.79.26
c1.wfinterface.com	14481	2019-10-25	2020-08-20	2023-08-04	4.1 kB	417 kB	23.36.79.32
connect.secure.wellsfargo.com	11812	1993-04-28	2017-01-31	2023-08-04	4.7 kB	742 kB	23.36.79.24
rubicon.wellsfargo.com	11786	1993-04-28	2019-12-17	2023-08-04	3.4 kB	6.9 kB	23.36.79.18
pdx-col.eum-appdynamics.com	4816	2013-04-16	2018-10-26	2023-08-04	1.1 kB	1.8 kB	44.241.221.162
www--wellsfargo--com--d649329d48d6c.wsipv6.com	unknown	2021-04-25	2022-08-19	2023-07-02	37 kB	728 kB	163.171.134.56
www17.wellsfargomedia.com	76964	2009-06-25	2021-07-19	2023-08-04	16 kB	346 kB	104.110.27.78
ort.wellsfargo.com	51778	1993-04-28	2013-12-03	2023-08-04	466 B	2.1 kB	23.36.79.25

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-08-04	medium	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (27)

	URL	Size	First Seen	Last Seen
	c1.wfinterface.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-07-24
Pretty URL c1.wfinterface.com/tracking/ga/ga.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-24 10:33:08 Times Seen4900 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	c1.wfinterface.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-07-24
Pretty URL c1.wfinterface.com/tracking/ga/ga_conversion_async.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-24 10:33:08 Times Seen4918 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	199 B	2023-03-07	2024-07-22
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-07-22 19:48:49 Times Seen2480 Hash e086f28166bf73bc94e3cd49222ba6b3 e672fcd875785616f34372b6dd2a8245edbd0ca6 268683f78bf540a4628d352b35364a4405e8f1693eaee6a34e081045b1f95e54 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js	174 kB	2023-07-15	2023-08-06
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-15 09:11:30 Last Seen2023-08-06 01:02:21 Times Seen882 Hash f2ae2cf4b00792fee38e84e6509f2c9c ae395db86d01bcef9ac60e4ea5a2052cea2c02a2 1688b00b03e64170c61df02ad73c82a064176cd24d13459323fef810f1d9d2f7 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-07-22
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-22 19:48:50 Times Seen4892 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153	117 kB	2023-03-08	2023-09-21
Pretty URL c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153 IP 23.36.79.9 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:36:56 Last Seen2023-09-21 03:50:16 Times Seen11701 Hash 91c536ff4d2c8db1822702f866e60b08 3370d3721e28923f099da1985f718a88015975aa d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a Loading...

	connect.secure.wellsfargo.com/jenny/nd	54 kB	2023-08-05	2023-08-05
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-05 12:14:38 Last Seen2023-08-05 12:35:41 Times Seen6 Hash fabd69acad9198d99b681a1c76b97a61 95d0306f68de42da077d330d8bea8ce0a347d52c b7218dd742456f2a2a46ef91b8d193f2c8f53bce46deafefbf7fc46df1007089 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	305 B	2023-03-12	2024-07-22
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:01:47 Last Seen2024-07-22 19:48:49 Times Seen2200 Hash f6b4b2136c3a8cba62483bb8a9643eff 5ae0ebddf1912d81d2362682b58703e15101c1e1 23b0a56caea664378f4d742162dbb7063e9d47ff3e053506956fc46e2482d28f Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	252 B	2023-03-07	2024-07-22
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-07-22 19:48:49 Times Seen2511 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js	1.2 kB	2023-07-18	2023-08-12
Pretty URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-18 07:01:35 Last Seen2023-08-12 23:39:50 Times Seen782 Hash b2228cc3352ba79966a8c37c4282d9e3 7b644cecfc88646cdf6fb5c296ab14326f6d1fc0 50c204ad5821cd89363082627e5ec0fe8cf9abc7a258a6c45b2b9b7375de1475 Loading...

	c1.wfinterface.com/tracking/gb/detector-dom.min.js	460 kB	2023-03-12	2023-11-04
Pretty URL c1.wfinterface.com/tracking/gb/detector-dom.min.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 19:18:07 Last Seen2023-11-04 12:20:57 Times Seen4580 Hash c71e354b6a3fbb7e60e42b5cd392761e b0abcc1cda4144fb29550225f7c3dd0342d11fbf c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	387 B	2023-08-05	2023-08-05
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-05 12:30:37 Last Seen2023-08-05 12:30:37 Times Seen1 Hash 3d282212e2cb29140160827de3c001fe 78283b93840d16aeda4f71e0bf22ed58a5429c86 f7507dffec4d32f393e55c02e11cdd00bb40c690c64b605ce4086426d0fad80b Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	45 kB	2023-03-25	2023-09-10
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 23:10:42 Last Seen2023-09-10 23:50:30 Times Seen4720 Hash 308e427d5e59a148900bf524ecd5829a 73baa209d84f2d15c88606b28280d2121efd878c c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07 Loading...

	c1.wfinterface.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-05-06
Pretty URL c1.wfinterface.com/tracking/ga/ec.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 16:06:29 Times Seen4663 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-07-22
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-07-22 19:48:50 Times Seen4806 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	271 kB	2023-08-05	2023-08-05
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-05 12:30:37 Last Seen2023-08-05 12:30:37 Times Seen2 Hash 10e4c9b8cb6d1b9b01139293788df5e9 40b0f9473b0f0ba1eaf4eacbdf0433efbda73aea f3dd8735950dd65aa073b7fadd451a227c3856425042c3f5fdb4a09b0980544c Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-07-16
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-07-16 10:35:58 Times Seen4772 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js	52 kB	2023-07-15	2024-05-06
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-15 09:11:30 Last Seen2024-05-06 16:06:28 Times Seen446 Hash b55160e5885aeb3cc8d801e9f6aa3117 1a472ab15c5878cc3183461c586522aada0caf17 80db464a4e85da69741b145e0840d3b202d38aa161bb5c9eaef307225a7a8e07 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	126 B	2023-03-07	2024-07-22
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-07-22 19:48:49 Times Seen2482 Hash f1b0375ca8995f583d4f31df97c9e172 d901e5604947f5b57d3bda7a78e92cdcef0439ec a6117a82be9fcdf7e808ce5f2a8b37a4b0dc1dd7052feb6088fc72f32503343d Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng	197 kB	2023-07-31	2024-07-24
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-31 12:19:10 Last Seen2024-07-24 10:39:05 Times Seen1380 Hash 48142dedc74cb9e4f20d364073815994 eaa5c96f8f44fae35616dc6af03c98121d2d3fcd 814d02d8c99bd2f6fa5aa759a9e367b12c50e4201d1c5a8dbb793da6f30c3ac5 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	555 kB	2023-05-24	2023-08-19
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-24 05:12:02 Last Seen2023-08-19 12:22:18 Times Seen2430 Hash 86b0428bd52fbfeaf6fc736f21b79f1e 357a952f524df35ccf680ecc30ed8764444266bb fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-07-22
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 23.36.79.26 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-22 19:48:50 Times Seen4907 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-08-05	2023-08-05
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-05 12:30:37 Last Seen2023-08-05 12:30:37 Times Seen2 Hash 1ef6ac990964157bcce052a01126b1d5 4cd8e88646d48965030cb1f7e80e653601a7e075 334e2b259e6f66f683cb2f326eba42ac04247624e85174ad13050b28782d0ff3 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	691 B	2023-03-07	2024-07-22
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-22 19:48:49 Times Seen2450 Hash 48aed8d68c7d2fffc25f5635f592d555 910339ea378c481f21efced8b39c292816bc2fbd 54900b733cd406a3d2232358c17db394d9c2b5118167fbdf4f769a105635a6e2 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/	109 B	2023-03-07	2024-07-22
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:01 Last Seen2024-07-22 19:48:50 Times Seen2188 Hash 5e484877c8a3178a846a7d21b7fe5209 d7b7ac3ca178c038b5cf3b9157b99d818d540efb 3121a4640f3196f3df84a9d4f5f68703d478c024ec18f4a22c70825ad8cfab33 Loading...

	www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q	265 kB	2023-08-05	2023-08-05
Pretty URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-05 12:30:37 Last Seen2023-08-05 12:35:41 Times Seen4 Hash 3826ad0a7fbfcc24f49f4adc99026b9e 35b2f1afe255388f6061405cbc1a5a8eab0909b7 6826efa76117acf6efe3ef4424b88aa7b1b3e4e277cbadcadc90fdca7ba18837 Loading...

	c1.wfinterface.com/tracking/hp/utag.js	208 kB	2023-07-15	2023-11-04
Pretty URL c1.wfinterface.com/tracking/hp/utag.js IP 23.36.79.32 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-15 09:11:30 Last Seen2023-11-04 00:29:38 Times Seen447 Hash 0ce9f640b922eafe06e24dc585804518 71d990fe1ca914fca5a8e166eb5e843314cabf60 25444adddb06abe6e0a022ff27f9a3ae4f4ade7cd2afa74fc912d462ab07ecd3 Loading...

HTTP Transactions (92)

URL IP Response Size

ocsp.dcocsp.cn/

47.246.44.224

471 B

URL
ocsp.dcocsp.cn/
IP
47.246.44.224:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
64cc40ac66c75d8547247a82383d6e67
1278a35ec4ab9b8a095872cf282768cddf9507b2
8aa93f6a0e5f93033fa38d1843415dfac7afbb27459048c01a9bcc9f398474e9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 05 Aug 2023 10:14:13 GMT
Ali-Swift-Global-Savetime: 1691230453
Via: cache21.l2de2[0,0,200-0,H], cache23.l2de2[1,0], cache1.se1[27,26,200-0,M], cache1.se1[29,0]
Age: 962
X-Cache: MISS TCP_REFRESH_MISS dirn:4:172624521
X-Swift-SaveTime: Sat, 05 Aug 2023 10:30:15 GMT
X-Swift-CacheTime: 2638
Timing-Allow-Origin: *
EagleId: 2ff62c9516912314152115723e

www--wellsfargo--com--d649329d48d6c.wsipv6.com/

163.171.134.56

200 OK

19 kB

URL User Request GET HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Size
19 kB (19038 bytes)
Hash
a1717ce2a06967a7783dd3adfb3fa543
c4d551346c15ba4c82561fa1a05dceed3d801b02
c4deb87b5962d62323fbd614b4f05fcb824f25b676718fbc0f5e4650b6a1f2f8

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET / HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19038
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://resources.digital-cloud-prem.medallia.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-b5b1fddf-6354-4fa1-aaaa-238947a42a8d' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18977 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:70; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202308050330152029896804; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:15 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; path=/; Httponly; Secure
DCID=F+zsNTrL288UDtBj70Qv%2f%2fVmKqXUmPYOWAJrspubQa2B2I5fwWGV4Trb6GU%2fScjP; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:15 GMT;Httponly; Secure
_abck=ECA7734FBE185F50D88317BECF43B3B9~-1~YAAQTpbvUI+i3LuJAQAAPG0/xQpJdzmyk56ufsx0hp40z8BZ8Eo85TWzVOLyq0ol07IyHbtWoNKEuVhrKUBSiJpEm1PKHzFgIJPEL2q96KQRbtQg1UffP/aVt4l1XIZ4TKP8Svo/11B0/dWMIKEIEImjJrjfJ2yzHc2EuaayIpHOX8rvGqJiuozs/+Q8et/PCrp7S0lfC1z2jTLk3pn+cTBjb01ZhHDM6AsmSzMkLQGrqdJCpVA8jjJiXV3FWPdu7WumiFlDOep8r9Y2D7eCKpOduvz+Ostux9hflTsE12SC6ohGtUdCfe2mM0nTjRXWaG/VSEg2E7WjyJs/sxOrmpmjw6NkH4FBDERmIcOPQL9tWeCtiULXVWM3X+Ow854y~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:15 GMT; Max-Age=31536000; Secure
bm_sz=976EF048978E61C1419E4D9608612817~YAAQTpbvUJCi3LuJAQAAPG0/xRQzvRR12pirpI1JuZECOqKJrVx3Qbj5L0Tm9Bhor5B2mP4Bw+osdlUlK9ItBxBv3uEQn2PJjZhMjLT1g3lp+HaKaMVXGieQ8CUyGuKFSz254kAQRAnbfVtLeAVbkIp1PT7893/f1wK8YSIFyHolgGDCvytcCs/lmpw+2mFVRyOemq9pCBtZVyQC6dectI1dhgkZCXGW+ROANggti2mDLp2gGjY8j3vAwSugp3HpuQd+VDU+j/HkSy1SioRfROzl9JhjyTR+5+4AboQApFRih6t2N/YV~3422004~4468784; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:15 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_28198-18165

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

23.36.79.26

901 B

URL
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sat, 05 Aug 2023 10:30:15 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4VjAlOWuEepvqDwywgs5iw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg

104.110.27.78

26 kB

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
26 kB (25648 bytes)
Hash
1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=313186
expires: Wed, 09 Aug 2023 01:30:01 GMT
date: Sat, 05 Aug 2023 10:30:15 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png

104.110.27.78

1.4 kB

URL
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.4 kB (1441 bytes)
Hash
723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed

HTTP Headers

GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=309302
expires: Wed, 09 Aug 2023 00:25:17 GMT
date: Sat, 05 Aug 2023 10:30:15 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png

104.110.27.78

1.7 kB

URL
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1712 bytes)
Hash
c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d

HTTP Headers

GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=313135
expires: Wed, 09 Aug 2023 01:29:10 GMT
date: Sat, 05 Aug 2023 10:30:15 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng

163.171.134.56

74 kB

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
74 kB (74070 bytes)
Hash
48142dedc74cb9e4f20d364073815994
eaa5c96f8f44fae35616dc6af03c98121d2d3fcd
814d02d8c99bd2f6fa5aa759a9e367b12c50e4201d1c5a8dbb793da6f30c3ac5

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: application/javascript
Content-Length: 74070
Connection: keep-alive
Stored-Attribute-Sha-Checksum: 814d02d8c99bd2f6fa5aa759a9e367b12c50e4201d1c5a8dbb793da6f30c3ac5
Last-Modified: Tue, 27 Jun 2023 17:14:29 GMT
ETag: "dbf881c7602f8671d977bb348201c8e830df8ab5fdd7795850bd762a38857ef8"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=6v04AUWxxNCYM+UeGb7O6Q%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=05CD2CBC562BEBE2ECE14A78D4FCA37D~-1~YAAQTpbvUJOi3LuJAQAAY24/xQr2t//lm8ANiwtjwdpKVe7oUUMwVyJIjOzdwjvCJgNk46By50EJ/nsnHnvy4IRY8tZol3HJ/CrkP92qtnYxzEyXD6tJqz4TbgEljBd7f6PnQRENNQ4apqyVq1qAVfX80qUGAEmqrRTKVe/Eevh/f0x0GpqiLS+YzQ6O+J7YDLHyP/7nOwStdIJ3nGfQfw9bqSll+Teu3g7ef8v/Y3zYka1oE6YtNHzRPig5+F4bkwNsB+T4RviKfmfRp+5mGfZ7y4dfNWPX/jaNlerX0BZUgU0apJcy7uLKUKdRPmSqu4IX7F8GEo0EPuRxKcXUQ+ihz9jJDgr9hGmtfbtf3jgHV5WWylEomR4fIrBXNsXt~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:15 GMT; Max-Age=31536000; Secure
bm_sz=CBC23135F26C013FE1EE17A038BECB12~YAAQTpbvUJSi3LuJAQAAY24/xRR3w3W++jjxwCT6efjswoV+GPMFx1rmwYf68ZTnNP90eLmeIy/4Y111GXrUxKR0m2tu2JDLQq26KxVQZObe1cXUdX+xtJALhQ0s6u7lPv+m4Z1Zr8FclUvEKCNkHVchv4TYtl9yeAacUW6qtKxIfHaSrQCQDhn1cninhbUKPWzGAml2bhRqEUg85gjMzFpvhb/NI3x0tt7HU4Yn8xD1WJCTxCFoD97NtZ2RDJeAt3QEWXAnOZI+5TcxS6VnVNMIOWlrhApJb5tC9NgOw/f8Ilsl3W5I~3422004~4468784; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:15 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_27980-22138

www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.b96c0ba7c6b812a5f95f.css

163.171.134.56

200 OK

24 kB

URL GET HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.b96c0ba7c6b812a5f95f.css
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23822 bytes)
Hash
8883c399a7c9534762502912a3eb9adb
b93c27c4041cda428a4cf494f13fb4b423fa1a15
97caf056980a6ba130a246874637fd83818d7301248a3444e59ca5d3fa32bae3

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /ui/css/homepage-ui/ps-homepage.b96c0ba7c6b812a5f95f.css HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: text/css
Content-Length: 23822
Connection: keep-alive
Expires: Sat, 05 Aug 2023 11:00:15 GMT
Last-Modified: Thu, 15 Jun 2023 14:52:58 GMT
ETag: "648b25ca-2aa1f"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-FRA-01Pl0187:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01XDr43_24912-10731

www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.134.56

4.3 kB

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4284 bytes)
Hash
1ef6ac990964157bcce052a01126b1d5
4cd8e88646d48965030cb1f7e80e653601a7e075
334e2b259e6f66f683cb2f326eba42ac04247624e85174ad13050b28782d0ff3

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4284
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 05 Aug 2023 10:30:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A15uP8WJAQAAxUxmhjOVXx8t3yliN3dQ9xqFwfV3G1ELbe8UT5RuFW4qD2nuAaOrhiucuNk0wH8AADQwAAAAAA|1|0|70c331ffd9b800233b2973d45faa43bf42da679b; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=WEgHD6vaqMf26A54swqfnC0GI4YMiiqOCG9NEEwzC0iu8+tKiK818y637PTkn4k4; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:15 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_28198-18196

www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js

163.171.134.56

200 OK

17 kB

URL GET HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (40828), with NEL line terminators
Size
17 kB (17289 bytes)
Hash
7558dd36a5a3d8d44bb1a04601ae6560
c703af3f738020a778d4c67bde5181147e8d2b10
1975e599ce211ec13716b9ba70636a011421d0aa38052be6a00302f6b9e15586

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17289
Connection: keep-alive
Expires: Sat, 05 Aug 2023 11:00:16 GMT
Last-Modified: Thu, 15 Jun 2023 14:52:58 GMT
ETag: "648b25ca-cc01"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-FRA-01Pl0187:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01XDr43_24756-18436

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

23.36.79.26

16 kB

URL
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (45298)
Size
16 kB (15731 bytes)
Hash
308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Sat, 05 Aug 2023 10:30:16 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=b81MGYmQKIjZuA7yWX%2fa4w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js

163.171.134.56

53 kB

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65439)
Size
53 kB (52760 bytes)
Hash
f2ae2cf4b00792fee38e84e6509f2c9c
ae395db86d01bcef9ac60e4ea5a2052cea2c02a2
1688b00b03e64170c61df02ad73c82a064176cd24d13459323fef810f1d9d2f7

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 52760
Connection: keep-alive
Expires: Sat, 05 Aug 2023 11:00:16 GMT
Last-Modified: Thu, 15 Jun 2023 14:52:58 GMT
ETag: "648b25ca-2a7da"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-FRA-01Pl0187:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_27983-37434

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=10256111
expires: Sat, 02 Dec 2023 03:25:27 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

22 kB

URL
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10259993
expires: Sat, 02 Dec 2023 04:30:09 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

23 kB

URL
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=10152281
expires: Thu, 30 Nov 2023 22:34:57 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10260875
expires: Sat, 02 Dec 2023 04:44:51 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

22 kB

URL
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10152285
expires: Thu, 30 Nov 2023 22:35:01 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng

163.171.134.56

18 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2759
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=94O3cGs9eXNi5UHnpBVNtg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=94O3cGs9eXNi5UHnpBVNtg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=39C577247CA8FA7941EB56884D8AE4F3~-1~YAAQVZbvUL4xnLyJAQAAGHA/xQpTuax03AmWtmheM1ZK1xzWHj59k0AYRAe6yK6QTk5xjfBSkv9xuGNrmEjrgGC5DnpNi+lE5hvPYwwfgRp/YMOjUq31mLP+PfpNiQyS0zMIuDUOYHiMAs6dcQR72quniHxvbzWj3WtFIRoCC8VtwreYDpsIyV50lfdUbULXNuzqK9sZncjo18cxgYIA+JmS3u/6vfBeGAj2BM7ULTq5QnHqaZvNe52huVDl2OMHyYFqiKRxEnL6Tj4yAQqzaLWWWebc832fEgkqVvBxnX3AxUFtAfQy9EVDJx72kzRQbbR8YfSB7cpmb6zjfrcAzDFG5OPOuPeGz9c/qginByaRljweD03PNvzTN9NBpbEf~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:16 GMT; Max-Age=31536000; Secure
bm_sz=0CD8B6FF1A4F8C14350979D50F38857F~YAAQVZbvUL8xnLyJAQAAGHA/xRSA4IY8ppfeSoFisV8TBJmZQUp48bHG9HTAU1wbMikUsDE79S9zGlDYycPuIRSRaNs9mfko93YdEydOAd/PmwqAtIpvuupy7flbuw3FVoERR7Xu7wIN0AZE3N5ftNN66vh055qvRxNHZkRO66bHrjml1Nora07UaNBt3HoXZZPzI0bWewkRt5E+Aq3DP8K/MVlCX3BQhBgBY0Kf+0LPYIB6DdEKd+QIDR/u3prebxl6scYTPPdB+TVug0AWgYPo8P1j1Eh+K8wqE4xBG9NsTNw08JtN~3618886~3224112; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:16 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01cnE31_28198-18204

www--wellsfargo--com--d649329d48d6c.wsipv6.com/target/offers/conversations

163.171.134.56

2.3 kB

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/target/offers/conversations
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (11063), with no line terminators
Size
2.3 kB (2283 bytes)
Hash
0dbd56d6aada75e6ea9b343f4fce736a
48ff333eb56383c46b7e80d392a4f0eead1e33a9
9224f71c05d98e0b142a4256c303aa263c76a2d28b0398bca79aeefb56a679d9

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2283
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://resources.digital-cloud-prem.medallia.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-7eff4c3c-cdbc-4d13-b184-ef1cdcb6dc29' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:70; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202308050330161659443586; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:16 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=460EE98463AB44B9E788AB056460E9DF; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=ioxODnmqeXm4pqAzJDqWo8eLnsa7dVIXR94%2fGuvtlhVUIBxZEb+gPQ4v5%2fsCXHw0; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
_abck=D08162FBE66C428605EC0D5B0F6FAC9E~-1~YAAQTpbvUJWi3LuJAQAAXnA/xQoxo22w+Z/9Lowpdwch+x19oGMQeJ9uasJ1/07DiADwCPoKsEWkdU7m4ADB+GQOFnrMdaRiQ7wAqpEuZ9B68d72mDeH5LU79UliqJNkH9GThfl19cjWS1nxFod9T1nU/DVFyE0ZeJJd0yDvMm1dZWX64CRFGG0UztMOwjtHIEAB/oXtPP9qbZP1XZz12Y47y1l2KiLSmwuiHS0dOCqKf9draHb4cIieSl0PQDFJMTFjU4gv/V/9hU/EyaIOdol1QzAzLL/ahODZZgO1/Wqz7Kvjk8hHI0TQMnJvTAejYpxWfqjKRMJVzPraKSbTkuSQtDFrRgR6hfQHDkJBrD7pNQQaNrw176hflcqT9HL7~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:16 GMT; Max-Age=31536000; Secure
bm_sz=DC4A268E5BEED36C38945FC69973062D~YAAQTpbvUJai3LuJAQAAXnA/xRSM92wU+Z6I/blPiG+1+52hfSKBlqwscg1yh9dOlcUWUEWXWF7qbKnBoaEGpJJAfqesJC5MQjjttGK4OGju177G+6f6/ek7t78HkLr7jp50XxOn3x2ST4NlJZh54GL9RzhJtmV5IFMiwvM5iQvA3A/3M0WrRgbrOYHowgututupeIHbBfR46J1lG0JCAXrQa9ja9Djo2m3rv82/yW69r3oK+9ssshIZwCeTjxCvTNT4NJHrs2tc3lihGH7jnuC5O7TRG8DuVmtyaDwooGonL34fsd/8~3618886~3224112; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:16 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01XDr43_24912-10732

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg

104.110.27.78

200 OK

1.6 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.6 kB (1646 bytes)
Hash
f4ea54d2de3587734104a7fe6ac34593
abb69048123b667ad90dcba04da4f08a4a4aeeb7
e802f40411f32bc8331100de87c647c70071bbd2e29a44befcd52e48c6020205

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63f63d12-aabe"
last-modified: Thu, 20 Apr 2023 01:43:32 GMT
server: Akamai Image Manager
content-length: 1646
content-type: image/avif
cache-control: private, no-transform, max-age=314004
expires: Wed, 09 Aug 2023 01:43:40 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg

104.110.27.78

18 kB

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
18 kB (18075 bytes)
Hash
4d74f6d202bf00523871f6380d9da158
511af47b1ce2a77f5c27cf3addfd80f289bb76ba
8932b18f9d89396f9292d507904d01306b97c8ae75165c93005b04aa7d9853ce

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "635162e8-d177"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 18075
content-type: image/avif
cache-control: private, no-transform, max-age=2464289
expires: Sat, 02 Sep 2023 23:01:45 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg

104.110.27.78

39 kB

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
39 kB (39415 bytes)
Hash
5d115cb30ce945de0d431748aa0b6073
e1af15a87872a93c56598fe21c82c252a7c82345
8f0441ba6cd327f630ce1653262816ae3fb9abf2db73b70c50be3e66c51dfd8f

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505859-e2ce"
last-modified: Thu, 20 Apr 2023 01:30:34 GMT
server: Akamai Image Manager
content-length: 39415
content-type: image/avif
cache-control: private, no-transform, max-age=299931
expires: Tue, 08 Aug 2023 21:49:07 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png

104.110.27.78

200 OK

1.4 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
1.4 kB (1420 bytes)
Hash
965f76605b195f4ccfe05353f99ec406
7cc5b65bebc32a1835e778bf984d202fe472bd30
7bb20bbccd8f33fc25b907e8fcbefb0d73b1a9ae7076f8e688fc633f09690de6

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64501bd4-10f8"
last-modified: Tue, 16 May 2023 13:54:43 GMT
server: Akamai Image Manager
content-length: 1420
content-type: image/avif
cache-control: private, no-transform, max-age=2423308
expires: Sat, 02 Sep 2023 11:38:44 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg

104.110.27.78

25 kB

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
25 kB (24880 bytes)
Hash
bf978a151ba3f10a7412e8cd5fbdb863
2af8e9c16c4f1e96ba1e86beee63521c802c2cce
ac555d446e447b4c8cf2bf2dd377d53c3b21faf83da3259dc8839c782eba1d9e

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580a-d82f"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 24880
content-type: image/avif
cache-control: private, no-transform, max-age=2345562
expires: Fri, 01 Sep 2023 14:02:58 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png

104.110.27.78

1.1 kB

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.1 kB (1131 bytes)
Hash
89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=313188
expires: Wed, 09 Aug 2023 01:30:04 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/creditcard_color_gradient_64x64x.png

104.110.27.78

526 B

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/creditcard_color_gradient_64x64x.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
526 B (526 bytes)
Hash
ca743053bce3493b932876555f9bacc5
89fb52f6517d4f2fa07fe71c33eeb2aa1676bcb7
9dc0e3746d9af9d06d8d135150885a3154037b7c4afb65a8118cf4df083a1c29

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/creditcard_color_gradient_64x64x.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62572c9d-1250"
last-modified: Thu, 20 Apr 2023 01:31:15 GMT
server: Akamai Image Manager
content-length: 526
content-type: image/webp
cache-control: private, no-transform, max-age=305281
expires: Tue, 08 Aug 2023 23:18:17 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/autograph_20k_hplp_1600x700.jpg

104.110.27.78

6.8 kB

URL
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/autograph_20k_hplp_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
6.8 kB (6818 bytes)
Hash
ff9a335cbdabb82c5c45e599aaede02f
d9d9caa1e81ca61408e4804a48ac1c37f23a6c18
f3327507c7327c8a0b7e2777392cb742d54561b12e8850da60e75bee26c2292d

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/autograph_20k_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63acaeb0-18517"
last-modified: Thu, 20 Apr 2023 01:30:24 GMT
server: Akamai Image Manager
content-length: 6818
content-type: image/avif
cache-control: private, no-transform, max-age=313063
expires: Wed, 09 Aug 2023 01:27:59 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

463 B

URL
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
463 B (463 bytes)
Hash
4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=313210
expires: Wed, 09 Aug 2023 01:30:26 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

831 B

URL
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
831 B (831 bytes)
Hash
026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=313219
expires: Wed, 09 Aug 2023 01:30:35 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.110.27.78

405 B

URL
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
405 B (405 bytes)
Hash
08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=313417
expires: Wed, 09 Aug 2023 01:33:53 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q

163.171.134.56

149 kB

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (149015 bytes)
Hash
3826ad0a7fbfcc24f49f4adc99026b9e
35b2f1afe255388f6061405cbc1a5a8eab0909b7
6826efa76117acf6efe3ef4424b88aa7b1b3e4e277cbadcadc90fdca7ba18837

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 05 Aug 2023 10:30:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A4NvP8WJAQAAyU_YJNc7jt-AjvUB6SZ7B-cLlTKGsWqqQd8Wuj84dmu1Ker0AaOrhiucuNk0wH8AADQwAAAAAA|1|0|dc535f9d0de22fc358a9af88743745c03ae9eb21; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=y2UEZC1GMtLEzYJCUZtHNlYRkYKJrotCBzpjQK2SSZcKqHRN%2fapLy2QRnhUYb7JS; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01cnE31_27980-22141

www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.134.56

313 kB

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65357)
Size
313 kB (313270 bytes)
Hash
86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 05 Aug 2023 10:30:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=%2fNAzJ9AYHbdMKETr9wrHXbWyrbWd%2fKPe0OfG6jNgUTI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01cnE31_27983-37438

c1.wfinterface.com/tracking/hp/utag.js

23.36.79.32

200 OK

55 kB

URL GET HTTP/1.1
c1.wfinterface.com/tracking/hp/utag.js
IP
23.36.79.32:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11638)
Size
55 kB (55332 bytes)
Hash
d08a65b05061f1255f422b7221f06b1c
78c6dc01eb858c5b652eeb161a398dfef3efad14
28c8b8933a093b6bc2df9d132810b339b54b35c7025452c0982df6d91ad58dc6

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 13 Jul 2023 20:02:10 GMT
Vary: Accept-Encoding
ETag: W/"64b05842-32c18"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Content-Encoding: gzip
Content-Length: 55332
Date: Sat, 05 Aug 2023 10:30:16 GMT
Connection: keep-alive
Set-Cookie: DCID=y5K541eWlB7cQm0q2Vov3oGATn7ppVtmNIVlYLSvb%2fESxRgrGQDVupILsevnObKv; Domain=c1.wfinterface.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

9.2 kB

URL
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=62594
expires: Sun, 06 Aug 2023 03:53:30 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

964 B

URL
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
964 B (964 bytes)
Hash
7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=313318
expires: Wed, 09 Aug 2023 01:32:14 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng

163.171.134.56

18 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2604
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Sat, 05 Aug 2023 10:30:17 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pgcYkhpyZ51xENGIpWQqFw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=pgcYkhpyZ51xENGIpWQqFw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=F91D889586725085C8B782B95DBCFB3D~-1~YAAQTpbvUJui3LuJAQAAa3M/xQq8P9MWlVjbhb2M3Drb33c4jBLlncTCPPBB/uLZop5071aUtQ5iZw4TZPkrGdZZG8qIdjYa4Xv8oNzE0I/HGKhqr5RVYjYOGqFNBlzazmJUZ4n0a8bJCmq3RO9rF4sSjUzP/ctsd55/h2ZGGbB6B6+IUvQkMXqQdReMuls/Nbyrz40O0V4x2BngHIxPjBFUP/W5JyVi893um1dTrS/T2qGeOrOKlM24h91oGdn+0o/DlkaVGYqt7QCp5P4u05ixFQMuJwj0awh4XHeFy5YSAXpIVK+QjN85f8E83K7xTYnijS/g8xV80hHJxijOdoR6WyzFhOvJMKOA3CBnpSt6GtYrBGnSBRxJyeXLovDR~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:17 GMT; Max-Age=31536000; Secure
bm_sz=AA11DE0422174815479FD3DB3D4CD372~YAAQTpbvUJyi3LuJAQAAa3M/xRRO+Whfb/0xOywcWbNqGCXpkioty7bJJ7kbHsohJiBN+qgOVRsyzbmofqjNTfOxNV/rhV8IiSsKmO0L0BDP7q5UO06CHeCeiSbzjcK8ADjr3AzzVyFaEwQ2O1rUoe/ISSQo8QIEgULBvB/iIEqOXfbNrSAyDEjU8UHlVX3qqJ2LKzaBmeBpZvrRkN5NHr/DyyWSc1rkw/ZiwFY5klisqL8BKoNEr6cRTZEnGW8HxHIxQQh6c22vxLbO2NoCBQG2BFaIEyoBZa661aq2XWV1ss0nWa0E~3225396~3158328; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:17 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27983-37449

www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png

104.110.27.78

200 OK

840 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
840 B (840 bytes)
Hash
6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d

HTTP Headers

GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=2479927
expires: Sun, 03 Sep 2023 03:22:24 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg

104.110.27.78

200 OK

962 B

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
962 B (962 bytes)
Hash
699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a

HTTP Headers

GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=2440065
expires: Sat, 02 Sep 2023 16:18:02 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng

163.171.134.56

18 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2658
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 201 Created
Date: Sat, 05 Aug 2023 10:30:17 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YauWa9Ws76i59kMMjCylow%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=YauWa9Ws76i59kMMjCylow%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=ACEC52D86DE179C84D072F831A732CE3~-1~YAAQTpbvUKGi3LuJAQAAfXU/xQpNpV2OdkFSNAm+rrdKc9nMTfHwhjeTdV95JEEf73eT31tRB/Z1/B5XGeWf7FoPFlnGRMFRrphcmQlrOkiWkP19qCG4BmCci6YgWLefgaO0Gi3mn9SgMKkq5GaISB5ZYxSTUyjWCgH1KYMt3zU3ym6K5eUYWTHWO1nOGSKBvebIodlPG/Fi+41jqPpSdBLOvXpoT8dykH7TqZOSAy7aRgxcU6wxFj3RERRd/AJBMmEof3Vi3TTOGiEc7pU8WKuXi9lpBu6ICmxX1PMjvbUowWOdYUVTyJIIdg5K95ZaHo92zkwdLxMvnlJUo1+wkoVB0BzuxrCocYFGxaontsM5vbFu0IbMBCa3iyxlFZdK~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:17 GMT; Max-Age=31536000; Secure
bm_sz=2911944AA38ADBB2EB1DEDABBC9FD1A8~YAAQTpbvUKKi3LuJAQAAfXU/xRRRNhaGhm15myQZwm65DrlX6/VfYjPX3n3iDXrvfJvlMhbZW69zX+fwZltaZMjvfE8k+fp8E+rOeGhMnCSeJE1Wqpa28yHhezP2jS3iDFhKp8YtsKY7LIeiEitK3sDs5jBEVdl9r3Zj9fmgMcFQarOGJMQFu6MuvxV268DcrM1BzOEu97VjpiPgr+pZJiz/uz4I4j6fSeJADH5AJfzTWHgzTfWMyqd2k5XQkj0cUeyC1UQZUWRir5Wfga5nFtYRJOhF40lIjme2AfvAMJVcjWLqrA3d~3225396~3158328; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:17 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27983-37454

www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png

104.110.27.78

712 B

URL
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
712 B (712 bytes)
Hash
89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e

HTTP Headers

GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=313210
expires: Wed, 09 Aug 2023 01:30:27 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png

104.110.27.78

1.1 kB

URL
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.1 kB (1083 bytes)
Hash
21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273

HTTP Headers

GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=312940
expires: Wed, 09 Aug 2023 01:25:57 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png

104.110.27.78

1.7 kB

URL
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.7 kB (1662 bytes)
Hash
e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3

HTTP Headers

GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=313214
expires: Wed, 09 Aug 2023 01:30:31 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png

104.110.27.78

200 OK

7.4 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
7.4 kB (7363 bytes)
Hash
c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e

HTTP Headers

GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=2440045
expires: Sat, 02 Sep 2023 16:17:42 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png

104.110.27.78

31 kB

URL
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
31 kB (30860 bytes)
Hash
6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2

HTTP Headers

GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=313248
expires: Wed, 09 Aug 2023 01:31:05 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg

104.110.27.78

200 OK

20 kB

URL GET HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
104.110.27.78:443
ASN
#16625 AKAMAI-AS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT

File type
ISO Media, AVIF Image\012- data
Size
20 kB (19628 bytes)
Hash
87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843

HTTP Headers

GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=2439549
expires: Sat, 02 Sep 2023 16:09:26 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js

23.36.79.24

571 B

URL
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
C source, ASCII text
Size
571 B (571 bytes)
Hash
b2228cc3352ba79966a8c37c4282d9e3
7b644cecfc88646cdf6fb5c296ab14326f6d1fc0
50c204ad5821cd89363082627e5ec0fe8cf9abc7a258a6c45b2b9b7375de1475

HTTP Headers

GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: W/"64aba9a2-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Sat, 05 Aug 2023 10:30:17 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=b4if8BFcGA1XJIPgYy2xf0iQQgVlEHszha1YxrGAXAWAxxS8q1sFJZV31b+fDifG; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:17 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1

23.36.79.9

45 kB

URL
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:17 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gZGiqA+9+HpX6df8eW5Ddg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

23.36.79.26

14 kB

URL
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=EFkm4+f2+mwxgkClHiBHZQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.503a8b321edcff4ec267.chunk.css

23.36.79.24

24 kB

URL
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.503a8b321edcff4ec267.chunk.css
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (24064 bytes)
Hash
1cf7c1fc34f02c074f01f13b7d71068a
5a415eaf557beb9b8d31f621f80b827ccbe348ba
109d0bc8ba558e23e5f8bcb156514f3f1ff1cec0236d030723eed74bde935961

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/main.503a8b321edcff4ec267.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 24064
Last-Modified: Fri, 19 May 2023 11:16:12 GMT
Vary: Accept-Encoding
ETag: "64675a7c-5e00"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xT4aTVTsDXe+HbAbcYugWw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416470&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32

163.171.134.56

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416470&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416470&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=PNEhBss2i8pekjViUeu8J%2fAQ8cxY6M5uVkx3gAFeFUc89KFyXl8RxjUu90J4Cfsj; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01XDr43_24756-18452

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.977fce5e9afe92d4ccbb.chunk.css

23.36.79.24

36 kB

URL
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.977fce5e9afe92d4ccbb.chunk.css
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
36 kB (36211 bytes)
Hash
44728bf82124e7d978288b51d29f7247
127bdc80872b827ffd5f4f14219460948feecc5b
e8ab621591e8c7b4b8ed81e5613f0c13d45090c595347fe094f2a7c13ed98b42

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/wfui.977fce5e9afe92d4ccbb.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 36211
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: "64aba9a2-8d73"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pvczS%2fYVDylaw4WMaAZNAA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153

23.36.79.9

45 kB

URL
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9PdlJr9ky0%2fFzVdx9Vgkww%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=+7jSjletV%2f1XCrMmglUnRTVs1GZtw3QtNgKeiu%2f9wToU5VlrUKxty7WKOXt33iEc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_28198-18230

c1.wfinterface.com/tracking/gb/detector-dom.min.js

23.36.79.32

138 kB

URL
c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65434)
Size
138 kB (138549 bytes)
Hash
c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mvgOZ2caFJtDecOxa16fkw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416464&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416464&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416464&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ORYRjuxE0uHmPgk9WKNTq8rb2%2fRQXmy82tH8wwMCH3pDAbLSNhXaemO45WDbWwMB; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01XDr43_24912-10751

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416427&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416427&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416427&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BXdGq4OrxHKRu7LiscJn7eNKp0DA%2fUUhU5d+um2gjSi%2fJ1XcQJlS01hok6+QUArT; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27983-37455

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416474&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416474&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416474&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ADnm7H9yd6rkxqMlXWeUFvkrL8v9WXeZwImhznhNo6xkH5n7a3+fiTuDUvgaFQMX; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27980-22162

c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569

23.36.79.9

45 kB

URL
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9e7oSiNdXQuN+UHOlb+xXQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.11d8ad2657d343ccd76c.js

23.36.79.24

3.8 kB

URL
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.11d8ad2657d343ccd76c.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (7626), with no line terminators
Size
3.8 kB (3789 bytes)
Hash
197b7a7fb6f902fc2a4eb5ff978b89b4
c3881a2744c14817af138f88d98676d18b4588c8
38e0b8e6ac4f55b41a4ff32e31c8fca12b7893c42b92b6ba5d98cff1500a82eb

HTTP Headers

GET /accounts/static/7M/accounts/public/js/runtime.11d8ad2657d343ccd76c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: W/"64aba9a2-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3789
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ZawF6mWFhxGHfkM0JMCtePL3C+K1pRMhirioJZmpNz0%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/jsLog

163.171.134.56

200 OK

0 B

URL POST HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/jsLog
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 166
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:2$_ss:0$_st:1691233216787$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-e2c6f801-71b3-4de0-84c9-e0de1830b4e9' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:2fa2fc11-a2e9-4099-a05b-e468c86b0919; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:2fa2fc11-a2e9-4099-a05b-e468c86b0919|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=4B1DA17AB1069F8C8F9020E64E56AF3A; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230805033018217160170; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:57; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:57|d:1; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!eJrpdA+Hpufc8C3Xcg3V8rzrEPW+Gfc5rsbP/AdFVqi4jP2YliR2vR31v/0JAWpe7WeB7sGK0k6gqCM=; path=/; Httponly; Secure
DCID=UknMhXs%2fp7N5EqPxxJh7+GgTK2VyGceCvC3yj5uYFwKPCUO98JOvbCU+t85nTByt; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=C582E7EFB5971D83D6406CB37EE400A5~-1~YAAQTpbvUKai3LuJAQAAJng/xQrG1VpsvOEMesTzwPDnitUTjwxgHDTohAqY2pSfGoDW62X0lFvgWimPgPTNG6Nhs88O84RlGBHrGAW299i8DunPiXN2fh+Nh5mOrpn1iodH2wIG+x70B/lvrrHbslqVvC9SDsxn7Fe2UmbkdlDOd0ffPtjEqhrDFrLQJi7MBG9VmbWNMQqjdy+sUwhAuDiv7X9/dUPxZLxGYeMYokiqSdsBWc1Bj1WAl5IvbL0YC/k7dI9eUe59ClgwrpY9oBDE5aaDygervt85LmXzbHnAFBfbu125ms164E3qOLcrGI3zllKSVZJ5F+X4q1sjWRSgYPcL2+VyITnW8u9S1KSwB9Ghi0sPM36w0xiH0I/w~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=16C1E8DA400A4D4D639BF1AAF4E4AC72~YAAQTpbvUKei3LuJAQAAJng/xRRK4vxDvgPK0IGHDLrtqUGtTc7yXHxLeLgMsmwWDSM6h9UVBHu+wKrc/bU/LseHRu/qrkmbhPovOAPmKEo/71ehhieDrcaSpQs325A4DqPO6qLAqNghON3wBd8n+jiEyWpA/kXoeIoknEBF0/4xoDVZMkZ+nBmvOuxY6ryz+5DQWYxDYkfp+ODEynT3WY1fuheONSEpbxJhS2eFSeBJJqyYbRe0aFowVerFUVMLU2oNSQbhZCZGT7nzsSNX+h/r/RLpY2AjKRD2hHJchStKH9r7ztgz~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24756-18454

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.cb957977cb3cf8924da3.chunk.js

23.36.79.24

190 kB

URL
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.cb957977cb3cf8924da3.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65445)
Size
190 kB (189880 bytes)
Hash
197a0531454004e6e7769c5300c746b7
30a2a33795f7aeb49211b640256357e521829e42
86d9df808b65994cb555bb1c9d9ee93e79b5598dd8fd5bdd848eea1ec5fdfc15

HTTP Headers

GET /accounts/static/7M/accounts/public/js/vendor.cb957977cb3cf8924da3.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 189880
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: "64aba9a2-2e5b8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9USElwbNfsDGeqqetQPL46rg+uTDOQSqZybrO3Tc65oivCByxyFI94cHiz+JvaiF; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.7a759df3119e0b9c531e.chunk.js

23.36.79.24

200 OK

307 kB

URL GET HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.7a759df3119e0b9c531e.chunk.js
IP
23.36.79.24:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
307 kB (307189 bytes)
Hash
eb5dab90a5f6fb32cb1044e07da243be
e0d3df44fff06faae85253afa56397e077437bfb
900c079a3158efc5792092de56fca68a5bd8fcea88a6ed2d6bd33551bba9c4a7

HTTP Headers

GET /accounts/static/7M/accounts/public/js/main.7a759df3119e0b9c531e.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307189
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: "64aba9a2-4aff5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=3DG5%2fbYLWYdf9bkzvUnPKtTA%2fm2Q86il2xV7Co2yXbAWfjWkLjSjMr6boRwFM9gc; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Mkx%2f03GqrRNHYs6n4HpvlBN3w0zdXl96z3vnZMPGyleP1LClWImbKzuDYQsTkqiC; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_28198-18234

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416481&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416481&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416481&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KoYX49NBNBI8VF3vW2YoStvHTx3J8sFkPyDcWmebSqR6IpPgPRJxM7LRu+4Bg1B3; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24912-10754

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416484&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416484&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416484&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=TqQLQmFkUZkkY7OJXTZm0Xd0eCmO2T3yak1rF8GmFDhhOPljfX8nJxjjz5E6+7Sc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27983-37458

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416459&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416459&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416459&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9StsPVweUO0%2fGenRdqoEb5IvQaRGBRS%2fm1e2318wvqqLSMwHwJld2ftXGrJAfHyJ; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27980-22161

c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1

23.36.79.9

45 kB

URL
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YwluvD55iYAMfbdrXZ%2fcEw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416487&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_tk1biltcardlaunchrspv_smlpromo&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32&promoSlot=2

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416487&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_tk1biltcardlaunchrspv_smlpromo&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32&promoSlot=2
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416487&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_tk1biltcardlaunchrspv_smlpromo&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=oeWTSaMXc7+9uoSTVkeitAPo0fMuvlO1lmx7bj6UcthARbx9hzON89ZBDvcM3Jjg; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27980-22165

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

23.36.79.26

16 kB

URL
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
23.36.79.26:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zGyTReUvWwuVVpEIULIcMw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=VoJG81GjqXwu%2fjS9zIJvaorgeuy2kOct+iVPuJ3Js%2fqCw2SQwqOtT4ghdekE6buL; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24756-18455

c1.wfinterface.com/tracking/ga/ga.js

23.36.79.32

20 kB

URL
c1.wfinterface.com/tracking/ga/ga.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=22sN4YMFevuePuLyLXBN1g%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3

163.171.134.56

200 OK

43 B

URL GET HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=pdksRfb8z1x1Ce9ALTfiYlmhSPdJxDQvnu9qU+tiNZB305x3i0c7CT7rcqZGfuXc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_28198-18239

c1.wfinterface.com/tracking/ga/ga_conversion_async.js

23.36.79.32

14 kB

URL
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jfj8lEL4Oob7ibua4J9VRQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.134.56

175 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
222cb740997b9572016e61aa46127ab8
8333d7b0ab287b8f209c22e6418599de2a10b6b2
995016111c9f14d0a1d010df3c505cb81c3f558dc9178c7c21b330dcbd956e01

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------20094031832844111177135306962
Content-Length: 169
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CvVersion%7C5.2.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Cwmj2tWimOtTenPnBEnCcGsM3HUtChlZm8pLnOyVj0PpPMtw+7LZ7F463EnBv4MH; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=4A7A35349C72613BFABE57126D0CC02A~-1~YAAQVZbvUBoynLyJAQAAtHk/xQqhH8erROGxIID7M0pLllGKyeCM6TMcCaCnn7GJNA7nK/yOd5wXh21k3/Mw2R+hPiBsC7xjjTkt07cgVm0uZgV0oQhVUeFuvOZwE1oWED3ZzSL2ZleUmZl4slglHz5faVms76EnP8ap5sneLHUJjlhriqVShtb6YxlQiIb3Bsj43ghcMTHp/BNieZokQOFIKl47ctjq+kJGHsAbkACd3J5uXSauYKhG+0WloBVKYhOkUaHVtLAV1FDB3GV8YFgNJaazz5dpnKydOAR8ky+gXIVxfbSRYNZtOaRwFTm7ePFg2HDkqaGsJuq5G3HjWi0QjvNZvWgo7FZjObPwTDgAHR49gcaQp84JMFGopkcD~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=822FF6D4FE9724B15CE34432E6E824DF~YAAQVZbvUBsynLyJAQAAtHk/xRTSqNm2nJLLY2x+MV4RVCtReN/74k3dpBD1wWB8Wb1MTSNv5Y3L5Kk28BwqE2yan2DU/oXmV4661YOgE78E6qcqnbTj4+tethxJSvrC9eIva3H+5gcC23Cy7hKCwqgQb/yYMq1DzZlrhSCA6+LWd5IFHZ+Sex88WYKXUSZx1VvksTrp/N5zY/fVBEAawE5m9IYHnFN5tMXf9DOvSkqCspPPllabapkh2SJkPZyrCYY7ZuqbRrelxD8ywyLvxrLLJnMNbMOvVBfXNoN1XxIMJ9c2i74l~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27983-37461

www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

974 B

URL POST HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Size
974 B (974 bytes)
Hash
6513e6650c56d1d2121386d8a91132fb
16e09b2318b5439ef6dd383794833e372edfbcb9
0dd231a17ffddefdbfcde38f9f749b5be2fd7a2241177bfcb7c37353c141953b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 974
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-fb825ac3-57cc-45fe-8f9d-0ffaee717ddd' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:c0851d48-1ad7-43c5-bdbe-b04a5315fbf2; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:c0851d48-1ad7-43c5-bdbe-b04a5315fbf2|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:60; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=8D39265615B633A89C091CC48F08B390; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202308050330181695912665; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!MmgJ+yiKtfgB4akMntjHYqEj2JIOPKv0SkBvzBTEvR5zg2S3vu+c5SBKjhDoPtNpqnOi3pX+Be1Ss7g=; path=/; Httponly; Secure
DCID=wRXY4bDlHETrzH2INBNZeTu0FU0H%2fLUHn3hzX+G5jLH%2ffb%2fIpJJzsOKDEj%2f25BE+; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=C06913FC2B506047701B861D11F15971~-1~YAAQTpbvUKqi3LuJAQAA5Hk/xQod7aelJV9xwDiGDawgK/41rMf36uPeIgLOtnBqxb2jwmSw3QiXCa+0rSiOrBISqvQXKunifNSGA5c2iO2VU+HCLcLkCpacb5GvEKNIaOVW6pd/0WzLS6T4/mMlj2GswwiooyUoiU0R7Ptu+oBT4mN8DAMMod9t+SQkWrOZZ05AWTm3Fehgq8PoBswrlgUqy0tqmAYHcVLGaYb/0KDen2xPRE/uCEDDJwukiwloDVXueSB9pI+rLn6kJBAzSaNYptpNo2xihcxcCIyYifhPaJDjTnSfyIocvGJbCe9x/nPrpMdAmafURvmlXfgkotV9r6nXNoJAN1HP5JSkorxPRvPwHmJ5eDeFUZkUV7fP~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=7CB387A3B69EEA6599F72FDC9626EF7F~YAAQTpbvUKui3LuJAQAA5Hk/xRTKO26SuyMcNMlphC8F/DlHpCA9vFgoy3qxfJfjZDh9yenZIuDiw10pjCxppeXZcbiAt7t6h0UIKOzIdMIPI2YGPboap+p1sImGVdZ+0xPaVQlbPhJ35iICi4ZNKx0wDvtiHFb+h2DAWuqDIiCDbZFhWUa9itjjFBJFnK5tEqDP5XVpzhyqzIzD6aFQIa7sn6N1FrnWnO6XoKPvTuTwHRt1/4LnC7mG3lhPaO9F0VX20LBF3mwqLsc3Ckolwu7JCDM+6srd/sOsG/xa3KUuZr5lh/ub~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27980-22168

www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

966 B

URL POST HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Size
966 B (966 bytes)
Hash
3cc5da33d7c89002d0bbc5c47d9efe8c
bc5a610481fceba2451345d4f2dbff9b7f0ac27c
043a8cb72f2d1a32919e19d4363b0789381f7114696cb8e6735bd7a4714e3edf

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 966
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-66cba0be-a6c7-40be-97f4-913c06700436' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:20fc340f-42bc-42ea-b3ce-76e69a64aecf; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:20fc340f-42bc-42ea-b3ce-76e69a64aecf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:54; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=2D99377F52908A857A2A607302D88446; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230805033018889417941; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!D0rKh9ez+qS7dNoMntjHYqEj2JIOPE2lXtsR3EQzf7sgKE6aNGolffWvBTf4UvRWlicIo6pj1LhS184=; path=/; Httponly; Secure
DCID=Lk9RS3Z%2f9bEmA0tP04DSmHjLae4xZ%2f8gJtyJE%2fB4scu+2js3RNCEaorLMJ63kObm; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=46C29B47D24864A133301208A0291D66~-1~YAAQVZbvUCMynLyJAQAA83k/xQq2mxTEfLPMIJYgwcrG1cZF6mP2KbnezJj8CWuJ/0DA7amdjn0at5k9Fl6sMCcivrtTCpuYWONIi7Dt9WwMWPdwZPgHUqO975rlnLO0nYwqoxU9GJrt7BXwqr1DBog/GSw8plw3UGi8Kulsx56AU5VokuPlSNNmwUNEHdW5zZvjd4OiIb+dwIby0Yv2Rz1Hnqf6+KkMS/2oa1YhVY/LMURfmRKZKZ+KMX85jOTfgF38XYWIFURCGaktf/OG6XhM+KF5OIwpqkNfHSeVfFblR+1kpEHFCHUWJHphyxWuUR+gy1y2qk25BUdWZQItlz7wThYKomayaYkk5jucJ6JEIjXQ6Fw7HKDIX9hGcCG4~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=DAF84FD8E3BFC305AADF380D59464DAB~YAAQVZbvUCQynLyJAQAA83k/xRTx9ZzZeVUDs9zcWvnXcX4NH5GYfeMaom9Y2obwk6Pb6Og2ayV6QkeEvgMWmQpFbV4VyZN1ZEQYIJYkdnSkGvAnDrxhTZYPS+B70f51sUrVcZqcINh2uDgESjMouyc960KM/+tWHZs+xw5zk2fKacSak5rvqbqDo7dKlYlSjw228wYtQJR9VdOkw44+bQBMrChdIN7mmBeQgqLKQCAvmS/f2zcmB/gtw00i+BZT65h3HlNzOUNMl+G7uuH8l7sNnag5icWNUY4DBngru38fPuXm2jgA~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27980-22169

www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416496&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32

163.171.134.56

43 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416496&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416496&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=UlEcqlFVC%2fIDw%2f9nO6Ap6Kl4ffrATZW1PIgHhiq4CjHf8drJXArrtdgrL6VWWjaY; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24912-10759

c1.wfinterface.com/tracking/ga/ec.js

23.36.79.32

1.3 kB

URL
c1.wfinterface.com/tracking/ga/ec.js
IP
23.36.79.32:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yTWFbcRxgeOXxJLH476fNg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5%3A0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pv=2&f_cls_s=true

23.36.79.18

200 OK

1.0 kB

URL GET HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5%3A0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pv=2&f_cls_s=true
IP
23.36.79.18:443
ASN
#20940 Akamai International B.V.

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4264), with no line terminators
Size
1.0 kB (1042 bytes)
Hash
0a3de1fc6e459863851ae3073c903407
ae7dd2ee0b1fedb980d9504bce8df3f266193b0e
bc80bb07b77b4f492f5d02984c16bbc07d7ea019ea49ccc0000ec1ede25419cd

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5%3A0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1042
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=c31911bd; Secure; SameSite=None;HttpOnly;Secure
_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; Secure; SameSite=None;HttpOnly;Secure
_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!Ko5x65vgkP/SzUnpnNE5eVRfS7HzYxotOTF6pxGEqJ2bTcCDTsZ9GCtvCAE1D6pmoNA445Z2KiJ8zA==; path=/; Httponly; Secure
DCID=8R7KRBTpUWYMYlCcUxXUXnwvypGCyjxPLBj+7eIrFXaehYdDHxpVOjRySAy9GU+s; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

970 B

URL POST HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Size
970 B (970 bytes)
Hash
988db0af8d9a8aafbd8bd703c2a5a4ba
c9ad5a892ed054b084ea07fb69f578a0aeadb3f8
dbfef2a537f87900256a1e776a49ce0cf5d88fbe6acf3a0b8cc0878fc9bca38e

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:19 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-4a083659-75be-4d1a-b8b6-1d552052825a' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:a90b1c45-9641-409e-a6de-472167e87ea0; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:a90b1c45-9641-409e-a6de-472167e87ea0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:69; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=EFAE568E3CDAE6B65F5ECFDBC1A1A404; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230805033018531659355; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!tb8Kt/jKN5twx28MntjHYqEj2JIOPKmjdW69oWqwKV7BarVo5dqMRfFUN96s4UzqbAiWBNewxL2AqzE=; path=/; Httponly; Secure
DCID=Q4dYdrDbZ%2fAqP1emH%2fVUHD0o6ba+OosCL5hqiG+8tEkVBqyQ5vnD+MGyv4Ux29fc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=C709143BF69B36BEEF1D024A9CB5A027~-1~YAAQVZbvUCsynLyJAQAAhHo/xQqUXLpOvxrnqDr9aYIl9gjF4hVzp8GTwwhzEQIOqUWfqcUioQ84qp0JajSMUz4m/5jBOz2+4fHVHVF2G50MUxrxBkZUQZO/hQ1A+lFadSJxWktqKnCTify68PJqXRhk//Ws28iDWf4OEWT0kbsUkxvJD050HpXiktE+EqBXTKnxDoeasWx+NkhCSziAr7WPpfLCUQe4V9SxaU9fO0ug+A2Ilq/u60ncho8HFuW02K/fVTIl/IFX6Rphg18o4m8gBlC1Kr6A99ABZhQdPDAnKK9EMIRIPk9u/TQJeFSOX7ZXMEKlWwrEdjG2oXf+wbtAnDXNxCugCHNtWTeJ59TKERS/hXhmDYIvC4R0EJ4u~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:19 GMT; Max-Age=31536000; Secure
bm_sz=2845B805366B4D98DC7394B03735B098~YAAQVZbvUCwynLyJAQAAhHo/xRTpxPl+cGvOw50GicLoRO9UvrAdUOAoQqb+PrJuxWry6iRJVL0umaEUa++VCzkq2/F8pk6KKgvRCtwoW2c8TntZiOBdEx276/elXrKHbVBBZx6tmjMJjedihIzV8Q2M4ECZg/IUt63mOPJgr6+yHt0U4DaDJ1yYcQceg3y+WneWhGF1cvFYKcrl/74BdG1cDt9m7xAywTx5Npinfbxo8+l+WLkeqbjWdkZzBAwLv6L/iS+91Ln4KjO+tM1acdRcD30e+OKvx9EokwMYS1CSTPewBwha~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24756-18459

www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

969 B

URL POST HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Size
969 B (969 bytes)
Hash
665fe9448492418abcd46d180117d46c
1ea365cfb1ad6b42ea7656a32d66e2d5bf7bf9cc
67d5ac116e8ccc63c130a790b70395457332c551bac00472d09962db92f08e52

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:19 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-76a45a02-e4f2-4440-bde1-4590de643804' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=8519DD13590A6509BFFC8A649180BDD8; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202308050330181487568248; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!uXrNF+FWaiBXN5sMntjHYqEj2JIOPHw4E7R4zCQRpCwbvjHmXhrf1YA0jsXmwf7GIz2jgZwIUbi4hm0=; path=/; Httponly; Secure
DCID=Ov0YVn+ixaPFJfYA76fzozAmruD%2f6TxHVFnHYs1aFKoPspY2C3WTvG8Dan3%2fZUJa; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=833327FCBD3A41C0BC412197380B99BB~-1~YAAQTpbvULCi3LuJAQAApHo/xQrumBj4Bjiwpz33+Gix3HFmyFi/32lE4iAELX4XSWNo3omOUuPWgD3oxqf8m62x7NL665/zzHMRNVoXZPNff/AtVXYu7LYC3hXyjujLYPgO5wJkRaNsq8USzGW6Vz5+esStR1S6Pf4rwPMZzHTzKRVLbX5CEi7t+m37ANPw2pU/+h11oqdUIgLyaFPVwUjjg+S7oEF6SmbVOEtNTifvKAMHrWYCKVxs5VrjdafxDLbsdlctBXhkdUg95FzsD4g4oW9TAz/GAxqGdKGFvgT0jWK0tzlJ6n8qMdg/pb6fdEhPxBYqn3RbhtTcatKvvjQ+1oEOoehLUclV3smWsEa4p3gltRGttlh2cvZ14C8o~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:19 GMT; Max-Age=31536000; Secure
bm_sz=2E6A352FBFB16CA96DC4AB45C198DB08~YAAQTpbvULGi3LuJAQAApHo/xRSttxa/1pGveon/qWYylcZBgW5EjAQllxjtnpKHktQv7ApAabUUvLTxcs2M3nd8LyReqh/+3QPWzofv0mQzwdGjiaw7v8L2wOYswa4X0uDxsu4sL5iAFmj9N8+Ne+W+zy0J9n+e22OcTT5ZjhOcsc/hMlaeiR4gNxEPbc/XLUnUorDjLw0CwMl48ab3jDa+GIHnGUaqhGEm5bloN/XAVaHURjGaemtg7hnpSkwz+eM+3DomMCJX/LsP6KrPkpHXpmdkk3Vny6VydqPz/eiixqZb+J99~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_28198-18241

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

23.36.79.24

152 kB

URL
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
152 kB (151908 bytes)
Hash
10e4c9b8cb6d1b9b01139293788df5e9
40b0f9473b0f0ba1eaf4eacbdf0433efbda73aea
f3dd8735950dd65aa073b7fadd451a227c3856425042c3f5fdb4a09b0980544c

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"649daaaa-f4e"
Last-Modified: Thu, 29 Jun 2023 16:00:42 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 05 Aug 2023 10:30:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A8t3P8WJAQAANkdH0rJj9GaiMxsN3YALSZtruzBbqu3K-M9sj49oqyJiUh7aAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|80564de810e1904998a21408164bd0804ce6acab; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=JimrVCEF8XpgDCXYckt06VsPP44HBY%2fgx9SwCjQAD3KhpN7C3hqe8FsUxeVJJjvb; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ort.wellsfargo.com/securereporting/reporting/v1/csp

23.36.79.25

0 B

URL
ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3083
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 694fbe9b-6496-4a62-4963-ec0e240b37f4
X-Xss-Protection: 1; mode=block
Date: Sat, 05 Aug 2023 10:30:19 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:a127d1c6-3741-440f-9871-21bed70bb80f; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:a127d1c6-3741-440f-9871-21bed70bb80f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
DCID=VsZKcZ1H8wJ6mSiITv5%2fiBHDJ6Rwhha%2f2IjM2NF5wbuVsS9bcKyZvGuEUA2R5BzE; Domain=ort.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:19 GMT;Httponly; Secure
_abck=4B7D694E3955D6CEDBCFCFBA645B4A05~-1~YAAQFU8kF3KkJrWJAQAAOns/xQpHaycmlS0eEeqGZAuXfC+7hW5u67tV3xVWfEpwR4bVY628cyQy5+XggALBHgCQjRQe0RIhTB8GHlQb97BaNz3lVqQQsbnr95iLuX0qNN4ohmtVV2/sKd5nZv03TjWtB4eWkq1Buf3HiBdkpANaNCtKBtkFJx2UBi2W5bfJw6VTnmx7s7Q12vk8wwPKrz6awkRwuJ3dl9mpvHFN2mBUcFFbagIDnyk1bzwNmBQLYrTqAsT4IInfHTz8+IaLlrMDphOd2VmeZERgDsKDSmaFc7XhzCU3KORwwuZFi2/FcdUXs6L/tKJpNQOznj7aBfty5tW8p+2NF9QfO/vShXKUx/q7ME4WzuNKTMdvk1q/~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:19 GMT; Max-Age=31536000; Secure
bm_sz=2607DBF58FE19702A70E20BF8C0DAFFC~YAAQFU8kF3OkJrWJAQAAOns/xRSU9eYQyt3XX39jMjRxydDR1NYOQjOX0XGMoBGHl9kVNvPbuure4ozw0obyGoZ+u0LSF8gBZCIAPxj8E8ElYkyAcGvCnn8HeF6Is90NdM6xNh8XZuBiO5jWym+KAFrD54p8G0UHsV9L4vlbl6BCeVqIMVC5cgb/KQMYUC7yDvIWo53v49iv/izeHiAOJa4eJ2+elWWgEBOdtBMw6+1MfnzY+FhkDlhU79Gf69+sMAsVmVreS/lsSYED2Z5/jWKli0cQc4PBh/gjtzn0aIPGrRIzF/jv~4605505~3420739; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:19 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

23.36.79.24

607 B

URL
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 29 Jun 2023 15:53:03 GMT
Vary: Accept-Encoding
ETag: W/"649da8df-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sat, 05 Aug 2023 10:30:19 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=JH6YivQHCVdJzSwa6JH35+S+0hSMVTWx+krjKAjHS6A%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:19 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/jenny/nd

23.36.79.24

18 kB

URL
connect.secure.wellsfargo.com/jenny/nd
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2293)
Size
18 kB (18049 bytes)
Hash
fabd69acad9198d99b681a1c76b97a61
95d0306f68de42da077d330d8bea8ce0a347d52c
b7218dd742456f2a2a46ef91b8d193f2c8f53bce46deafefbf7fc46df1007089

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 18049
Date: Sat, 05 Aug 2023 10:30:20 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:96ae62ed-87dc-48cc-ac56-89a89c374432; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:96ae62ed-87dc-48cc-ac56-89a89c374432|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:2; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Q9wXRYwdDZ4cyUmL3XPhnOIaWWO2Qa11%2fWD5%2fY9vScQyqCkag+Za0oKOaIoufD%2f2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:20 GMT;Httponly; Secure
_abck=2EE1053C1B99A274E38F3D11B1806B74~-1~YAAQFE8kF8MQC7uJAQAAIH8/xQr3QFDlZoqR4ecuLmh7LAiw0ovduX3VWkEzjZjhUkkVWF5xD+UWa2JIIfgAMMFbBNyNUZIw2+ufBl70Lev3e4iIKcwDY+P1DUGAT3LULg3Gh/fjlFoItCtdyIx17mlFoQLexSb5/xvdvht3uCxhIbckjPml2prq6k3eGnO61cOVk8+7IH8NsP8vKl276sXNJaymVAcPkvFoiYumzwHBt+62EWMF6w1glT4fKrfjprdQSxQVBx7yrqNf1hDJv8Qd8SGtpgqbsdmVICe4g2nRsEqiY4xl/9FzFSWzz9T32ysQuf6NxFRDdpuwtOKbGwfa/ewclNa5pFoO8lL/eu4ABn4w6/I9ISqjFWdNY0Qy~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:20 GMT; Max-Age=31536000; Secure
bm_sz=1698C9BEA7E6E942EEB582C2C83545B4~YAAQFE8kF8QQC7uJAQAAIH8/xRSN1IddBp/Zp4Ov22ojx4aloz6LiUdxtDwzVRri2HC4JEigx1N7iPFhCyaBVuIQFuDFfnIYJMYLQ9Y6WFu06/NQZRZOnKDtDLXOiv0RfWsKtAxnW1X5vsn54uQljoI/If/dtra9aWA0bNkvuJj8aoDtp89gP9RO6uBzJadFhh7snOcH602384ndoccyq+FcihS+UJAJAWY4lnjpILZu6PZDbctY1zT6CsMWUlDuHpFtwQDofKAKjmtF1YhA0+ri/SuzyGpA0XYHYceAQhEaUTJ3T7uS~3487541~4407619; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:19 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.134.56

134 B

URL
www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
792ff569cfae41886213c9ff5823884e
fc7a73a874df458e0bf6691d4f150d6222732b50
2fe42ed1f9b4779c04096d908c652fe0c5bbac5cef67f1ec3560e210e09d9d55

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2048
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:2$_ss:0$_st:1691233216787$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%2C%22_s%22%3A%22RhtYaJZE%22%2C%22c%22%3A%22OUt1QTdxVmNuU2ltTEVsQw%3D%3DX6Nv1Qc1fWgGizUeeeMwf8gPqVRSsYpZkoZnWgrvHY7hger_3y05DfRsFbsQoKtyoIGZ82ZZwvJCVzUTAap-MAjDdmzh-NkSZH8%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!uXrNF+FWaiBXN5sMntjHYqEj2JIOPHw4E7R4zCQRpCwbvjHmXhrf1YA0jsXmwf7GIz2jgZwIUbi4hm0=; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0; _gcl_au=1.1.153719203.1691231417; _ga=GA1.2.943158742.1691231418; _gid=GA1.2.636550239.1691231418; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:64
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9nxaYPoXfyJmd+qUKsOPs1J6XysxQ+Tzo8syhZe57hs%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:20 GMT;Httponly; Secure
_abck=7135D806F49C559C54D553D2992C11AA~-1~YAAQTpbvUMGi3LuJAQAASH8/xQoWBfcfZsDBoiG6OzDOHIJg717QyDaCpQZSDpNR4AMVnsVgWIEXtufgkguZY9DxdtX3m3Uvl5pir+6MevkvDoQAeAiLp8OL+dkMLBqylBp/3diPk04oMHCUVz4bSi3l/SZIRD7W8huKlOirfFZrsuxwoD2I4OSo+cmqBd4EvsnE8qk+Ey0Sf4uwrA+nhJ5jK3XaEjjixneI7eAeHY70LmkITA8zrnc8joPvGJEQw+WZ+SsFsZGYIIIQ5PpUuQQ+OF2v99HgHL17OT4oUpBH4ttYn3WbvnfbZGRmJ4Y+qdiZbdZyTt4wjw0t/0qh1GHS5UrcAl4MHRDXXsboDHOvkcossMUYCZezfqlfEJue~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:20 GMT; Max-Age=31536000; Secure
bm_sz=69B696CF896CAD96207729BBDDCCB1F9~YAAQTpbvUMKi3LuJAQAASH8/xRTlcqkvMJyciM7ku6oHnQR9Ti73tFHUUnzbNWehI94jTs/UhcTXWoSM1oHxJQgNPtqIUAIzVfOAo9S5D3eq/nldhs2zng0OdG8+HhEvVo8QuuotBmlP5nPHa7q3dxpcnQjSeBacxCVq6dUULxozp86xsM8ck7jdhysmO2K5xw/Z/d0yjNRmsNZ94iT8j9PGC5u9UkuQ9nco3KduqXYwz9yZg2MwQ2VoCYeZrH7awIvDDyhQoTg00D/MKGOX2UmOFVhHd4njnujBBBexD6yI0jSYqF6m~4405552~3487800; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:19 GMT; Max-Age=14399
X-Via: 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24bb_VM-ARN-01cnE31_27983-37481

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

44.241.221.162

265 B

URL
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
44.241.221.162:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
2abdb73627a12ed54ad7a19198f2430b
06cdf01a4d8dfde075e986138e5fc0c725189f48
bfcc421a9df20e6146865e9d65546d0c1a137639192c021a502ca81cf0b29dc9

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11573
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Aug 2023 10:30:20 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:758c0660-b3ca-4b77-8abb-1e10b2bf8a1d; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
ADRUM_BTa=R:55|g:758c0660-b3ca-4b77-8abb-1e10b2bf8a1d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:1; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536010; includeSubDomains
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x

163.171.134.56

200 OK

0 B

URL POST HTTP/1.1
www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP
163.171.134.56:443
ASN
#54994 QUANTILNETWORKS

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	phishing	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:2$_ss:0$_st:1691233216787$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%2C%22_s%22%3A%22RhtYaJZE7CrPUQPX5gQRmX7%2B%22%2C%22c%22%3A%22OUt1QTdxVmNuU2ltTEVsQw%3D%3DX6Nv1Qc1fWgGizUeeeMwf8gPqVRSsYpZkoZnWgrvHY7hger_3y05DfRsFbsQoKtyoIGZ82ZZwvJCVzUTAap-MAjDdmzh-NkSZH8%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbwkzmQAAAAAqXBWD5n0EfFH0BY7rZYQ%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22alWL3wBgy-7gOMmdC8pZ1A%3D%3D5z_DAf2DzcmqZwDA35eZKEDK4nICWUAzdsXGNGEVOpdGOgxNHkx9aa30HncXqAACQRfvSUPHFVIKfaAgamFJo3sT_YgcXUQS5r3rKNLk9eQt8-g6O2nZGc36A4YGr-baNzF8niOPnp8iQmiYvmdIGMC_1d3MoMIXzs5_e1TpdZDndcLjDtCc7jqC%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VfB%2FeZ7hmi1nUL8E4%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!uXrNF+FWaiBXN5sMntjHYqEj2JIOPHw4E7R4zCQRpCwbvjHmXhrf1YA0jsXmwf7GIz2jgZwIUbi4hm0=; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0; _gcl_au=1.1.153719203.1691231417; _ga=GA1.2.943158742.1691231418; _gid=GA1.2.636550239.1691231418; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:64; ndsid=ndsa08grcaem2zvrlkxviqlj; _imp_di_pc_=AbwkzmQAAAAAqXBWD5n0EfFH0BY7rZYQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:27 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=AvjWu4qW61OlleUPzNNUAmPWK6E7gq8QVzJTaVhqBsGsa7IKVuJnPD9ARL+YD6fq; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:27 GMT;Httponly; Secure
_abck=FB6571CD78DA4F20473D744991286E7A~-1~YAAQTpbvUAej3LuJAQAAcJ0/xQruMIJrXvqJpa1nJFJm6Gaw/S7pGaGcD9f0rG0HwZwBuWscm29iNBABNsZexsx4T97OxVXYxi8v7NGNKLk8YkZRbE1czbktJGSfrsvKM7ndT6lTQuNRuOaOjUV2Aw0+HLvPlBStRlF678mjdxaxZBQVlXq8QmzgZs1gEGS/+objtjRrdIsBFQEiuIRkOQG4fexU0Yc/fzs1SkISXAOKP9eS1vqLDHzt8HOeLrV1FCo1mUtyGPADMwlKwc98r94SaNaBlKWj8O22hl+6C3RZPxswAdmUX1YQGYTH6hM5BeUd3pyw3gj0GXLUoHkcy1hGGhvjGyQUG0nL74NQk6AyCxkDdBsmk/CUPnXYCEtl~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:27 GMT; Max-Age=31536000; Secure
bm_sz=C306C9E528A488D7D0E3B4B8277770DD~YAAQTpbvUAij3LuJAQAAcJ0/xRSKAAMenL2+MnLEEhzILjnikleI6NUia/uJSrtIJhdbfaYYTxpGApzaQO9Qaf8YMv0QY9Uea/F9tR/Mq6V3eM0EAsSo6jdqKJqCfzIL3w1KChoUSux+IOx3blro3FwDb7KLa9zUo68kVe6vKXmf9qNuC4C6vcg7YK/lC9CRgbcEW1ubdeRt7fkldmjSigeEt7L9hguNuMmglDaI/4SNXiEq4WacrGafgwZgPJn9vETaa5uLb2ypdkb9N3KhtXNrJ8W7wxp9pstzY8dcUhR0prJoI945~3556151~4534596; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:27 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24c3_VM-ARN-01cnE31_27983-37582

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=1&cfg&pv=2&aid=

23.36.79.18

1.0 kB

URL
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=1&cfg&pv=2&aid=
IP
23.36.79.18:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4264), with no line terminators
Size
1.0 kB (1042 bytes)
Hash
0a3de1fc6e459863851ae3073c903407
ae7dd2ee0b1fedb980d9504bce8df3f266193b0e
bc80bb07b77b4f492f5d02984c16bbc07d7ea019ea49ccc0000ec1ede25419cd

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2802
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=c31911bd; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1042
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=c31911bd; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!sw/0m492wwLkMLnpnNE5eVRfS7HzY3kHVQSyRSa//QwfhcdFk2znRgZ6a0KH7AgX9uv/Fh/Se1IJYA==; path=/; Httponly; Secure
DCID=%2fBTQ+QH+QCQrV7HCSsUpuuOBndL3F197O7LXLWcCa7abUKWa4ksc1AV5TyuSTE0y; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

23.36.79.9

1.0 kB

URL
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=2&cfg&pv=2&aid=
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4264), with no line terminators
Size
1.0 kB (1042 bytes)
Hash
0a3de1fc6e459863851ae3073c903407
ae7dd2ee0b1fedb980d9504bce8df3f266193b0e
bc80bb07b77b4f492f5d02984c16bbc07d7ea019ea49ccc0000ec1ede25419cd

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=2&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34417
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=c31911bd; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1042
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=c31911bd; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!OHZ3/7+8vCDWLyR54TfMmyz5FQ342d7fLqwlg6AShVjFgarziAK5sBNG/cPtgip9ZBFsbn2bb3Z2Iow=; path=/; Httponly; Secure
DCID=6xOFEgLx9qf8EZKmI1E4FM7UzX7mCrkpUtmu0gL5qLs%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

23.36.79.18

163 B

URL
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=3&cfg=c31911bd&pv=2&aid=
IP
23.36.79.18:0
ASN
#20940 Akamai International B.V.

Certificate
IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
163 B (163 bytes)
Hash
0b6b0fc93eb33fc21c54360f02f227a8
98b1693d6422093d03c60a8b0a9980d958507356
ebc5094392501fc48f5f86506101a03378945208b9fe42adc003f4b42668a159

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=3&cfg=c31911bd&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 11437
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=c31911bd; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 163
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:29 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!HPjko885Cdiq8isq/D2JHXmrrcNtC+UMYtRRZ6+3jzS4ZO5jO+zGbsDVXnPvAk0+kWEafkJOTyuD2w==; path=/; Httponly; Secure
DCID=M3Gw2LyiZZQfhyUdIZTbZOpLMNH3mPrFRWdb7H+BNpKdosyqDXju+ZZ95jZwui8E; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

44.241.221.162

200 OK

26 B

URL GET HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
44.241.221.162:443
ASN
#16509 AMAZON-02

Requested by
https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate
IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintD1:05:1E:84:AD:7B:48:5B:E9:4C:78:9A:8B:60:B4:3D:FA:93:A8:DE
ValidityWed, 14 Jun 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
26 B (26 bytes)
Hash
6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Aug 2023 10:30:20 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536010; includeSubDomains
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (27)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by