Report - www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/

Report Overview

Submitted URL
www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
IP
163.171.134.56
ASN
#54994 QUANTILNETWORKS
Submitted
2023-02-05 00:35:15
Access
Website Title
Final URL
Tags
wellsfargo financial phishing
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
17
Network Intrusion Detection
0
Threat Detection Systems
92

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	63 kB	34.120.237.76
dpm.demdex.net	204	2012-05-22T07:45:05Z	2023-03-13T05:18:25Z	1.4 kB	2.3 kB	52.18.15.195
connect.secure.wellsfargo.com	11812	2017-01-31T16:32:35Z	2023-03-13T06:46:24Z	5.8 kB	617 kB	23.36.79.24
2549153.fls.doubleclick.net	30024	2015-01-13T00:13:33Z	2023-03-13T06:46:25Z	784 B	1.1 kB	142.250.74.70
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	749 B	724 B	142.250.74.98
media-wellsfargo.nod-glb.nuance.com	28807	2018-12-21T18:46:00Z	2023-03-11T07:06:55Z	2.8 kB	431 kB	8.39.193.5
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
www17.wellsfargomedia.com	76964	2021-07-19T14:03:45Z	2023-03-13T06:46:23Z	16 kB	591 kB	104.110.27.78
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.9 kB	104.18.32.68
tag-wellsfargo.nod-glb.nuance.com	25312	2018-12-12T21:59:35Z	2023-03-11T07:06:55Z	21 kB	19 kB	8.39.193.5
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www--wellsfargo--com--t249329d48d6c.wsipv6.com	unknown	2022-08-26T10:45:23Z	2023-03-11T01:53:47Z	68 kB	679 kB	163.171.134.56
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.40.49.56
static.wellsfargo.com	12306	2015-03-14T23:03:25Z	2023-03-13T06:46:23Z	7.3 kB	491 kB	95.101.10.120
wellsfargobankna.demdex.net	10546	2017-02-13T10:09:43Z	2023-03-13T06:46:24Z	562 B	1.2 kB	52.211.241.210
rubicon.wellsfargo.com	11786	2019-12-17T21:15:25Z	2023-03-13T06:46:24Z	1.5 kB	3.0 kB	23.36.79.9
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.163
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	2.0 kB	4.5 kB	93.184.220.29
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	757 B	895 B	142.250.74.98
pdx-col.eum-appdynamics.com	4816	2018-10-26T09:20:40Z	2023-03-13T07:30:31Z	1.1 kB	19 kB	52.35.53.194
ocsp.dcocsp.cn	33518	2018-11-07T14:15:36Z	2023-03-13T06:54:43Z	338 B	1.1 kB	47.246.44.231

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company
2023-01-28	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/target/offers/conversations	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2023-02-05	medium	www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (40)

	URL	Size	First Seen	Last Seen
	static.wellsfargo.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-05-06
Pretty URL static.wellsfargo.com/tracking/ga/ga.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 16:06:29 Times Seen4888 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	connect.secure.wellsfargo.com/jenny/nd	54 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash 790dd4b4a356968187969a9a227d34b7 cb4a5e48e17010be240971adabcc533307ced16b b90bcb2cbebd59f6db27dc4be638d2349bd443695fc0789642d088677a78d192 Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1674015550273	448 kB	2023-03-13	2023-03-13
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:57:34 Last Seen2023-03-13 19:21:28 Times Seen1 Hash 1789292f06b653cbd3de4b14061d04fc c59aff2ff7d13c29b6e30fd487a4db966f904f5d 1fdc21301ad224f64b50047230a017c6cde0aa5b5e17a59ab3da8042915b782a Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	56 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 04:40:03 Last Seen2023-03-13 21:00:17 Times Seen1 Hash 028a0ec60337d7d6a49c6baacaa801e6 cfd612e1bbeeda3696a9cc52503e13fa2ab72706 05ff4533e59b921ef2faff5383e4153068835d2cb0011300dec251779ef29883 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash d1502adebe726372a57bdd3f92a42a76 49b69caf0fc997aa3971def5c61984d7a8308a10 068a09acd8d6c1e56f58737fd379f1897209ffcdfbbd22c5c01f4a677e6d455e Loading...

	static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js	23 kB	2023-03-07	2023-06-29
Pretty URL static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2023-06-29 15:24:08 Times Seen72 Hash f320653366aae1336b9a1c0547ea97b9 8c87c242b3bf13c2558679bd936123a5e6069da5 e02ff12dc676cc581ade44548d917c7df10e14c6a7b6373dbf1b67a7b352108a Loading...

	static.wellsfargo.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL static.wellsfargo.com/tracking/gb/detector-dom.min.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-05-06
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 16:06:29 Times Seen4870 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	static.wellsfargo.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-05-06
Pretty URL static.wellsfargo.com/tracking/ga/ga_conversion_async.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 16:06:29 Times Seen4906 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-05-02
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-02 19:31:36 Times Seen4759 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.05585195599527393	90 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.05585195599527393 IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash c3d012ee285bea5f3c7bf9fc49640920 1f1f18541d0cca3cc89f23b326af714d30ff79b7 a475d9d4338f83a8f2f98f61882e0df20e99e02f302efa928b837b53f8ddc49a Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273	7.1 kB	2023-03-07	2024-03-28
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-03-28 17:44:18 Times Seen68 Hash 91a3833ccffbae0b31a6cca516216880 9284e1bb265d09e17e10407f280072b9d938bec5 182475449b1dc308c4d183fe50d348ab2f4e882aac99c0945762629c9fe65f9d Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	126 B	2023-03-07	2024-05-06
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-06 16:06:27 Times Seen2474 Hash f1b0375ca8995f583d4f31df97c9e172 d901e5604947f5b57d3bda7a78e92cdcef0439ec a6117a82be9fcdf7e808ce5f2a8b37a4b0dc1dd7052feb6088fc72f32503343d Loading...

	static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js	149 kB	2023-03-08	2023-05-10
Pretty URL static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-05-10 14:57:32 Times Seen65 Hash 298ef372a1456ccb70ec28a8d34286d5 eb899110cd52492d73700e4f6a8a8b69de1f6c4a 6335202de7afbdb826ddbf8d91220ad146b8d98e4cf14e8d09ab24c3545fe713 Loading...

	connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js	1.2 kB	2023-03-08	2023-03-13
Pretty URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:55:54 Last Seen2023-03-13 18:26:06 Times Seen1 Hash 439057c862d1967b1aeeacd491fb6d6a 5a7e1d2191e546aea4ff59a752a834afc89890c0 ae212a56fa9bf5613e72d1d44ca54d5ac9854447f3a537f5b148064e8ab7083e Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	70 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash 5702b335df3aa6208403877941a50d88 a5a851a758f5daeb818995a8d349df625b84e4df ae8d27cb959230944989ef4526834554c0bbd243709493f398ab9019adf07fdd Loading...

	unknown	0 B	2023-03-07	2024-05-08
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 23:02:22 Times Seen37450328 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-05-06
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 16:06:29 Times Seen4881 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	static.wellsfargo.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-05-06
Pretty URL static.wellsfargo.com/tracking/ga/ec.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-06 16:06:29 Times Seen4663 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.10431191855408595	272 kB	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.10431191855408595 IP 23.36.79.24 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash b499be85738028e483e0281c4f281fe1 edaca45accc3c4abc7f84cf6408824ab575427df e3f26a9407889759c210a1bc1c778b74fc3beecc70873bb57aa8c1754c61d46b Loading...

	tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273	21 kB	2023-03-07	2023-07-06
Pretty URL tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-07-06 01:44:31 Times Seen101 Hash ceff19d6f6c2b1a641348fe75922e31d 0f49f9408d2499018f89a9c651dbeb869120ae64 7455230adb5d30b14d3ce23c11e2937451ce1eecb55a592703bbcd2044711cea Loading...

	static.wellsfargo.com/tracking/hp/utag.js	206 kB	2023-03-13	2023-03-13
Pretty URL static.wellsfargo.com/tracking/hp/utag.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:28:05 Last Seen2023-03-13 22:20:55 Times Seen1 Hash efd2380ecf94446243bd3502483359fb c7cc23288e4d64e43a6e12b12a914eb7927e8e28 46a101f6a8cd0c3d3b1e9a30a9f3aafff13a9b47d6dae277a493cfe12fa0c844 Loading...

	static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js	42 kB	2023-03-08	2023-03-13
Pretty URL static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-03-13 19:21:28 Times Seen1 Hash 4b567a90733070ba71971ee3e390d93f 53c1b3adcf6f237fcc01c86334353facbe5ccc35 525ee88b19f07036bf27010d9e625893322160c9166b5abc2a1f180909fd0355 Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273	145 kB	2023-03-13	2023-03-13
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:57:35 Last Seen2023-03-13 19:21:28 Times Seen1 Hash a4411526dd79cc022057ac7ae2b447ad 872523c11e907c2241a4a0faa01dcb2e09c3af3f 587c3660ab03d4c4bcc418ccb456d93f0cf2d7237c8350a6bbee7c2a25559deb Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	306 B	2023-03-07	2023-04-05
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:01:42 Times Seen260 Hash bf7d1aee3b865a6842835bce8c0a0685 c5213d92fbf617eec79bcade5d93355daf5f199f a14e4c94d8fddca88038c337df0f10bc9bc25460c913bdb20c064ac48ca545a8 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	389 B	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash ac6498dfdaed00dd9e4986b21b213765 b19f297734f9b641a1151271ddfd2639568fc5c5 83afcacdfcd51ab5a61811b60ee4e43e96e16b41bd68d4be47ba8ba8da05b1a9 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	114 B	2023-03-08	2023-04-13
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:59:53 Last Seen2023-04-13 08:50:12 Times Seen270 Hash 365ddb72c37cebb912aa0592fee6d67b 4db151969054fda826b478c23c47ca594d1aefdf 3ee0b2776fac2745ea071d2476528f6190f67abe0491ce74aedbb02f2bd7e0b6 Loading...

	media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273	532 kB	2023-03-10	2023-03-29
Pretty URL media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273 IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 05:27:02 Last Seen2023-03-29 22:00:36 Times Seen46 Hash 55e7be3a505a9402ebd3164bf94c7316 d85ccdf4b799d0d72dfa8922cb0ab9be22c23d51 b54bffddea96813d8f31ae2bebc1990653283a9617a543d0c0b417f66c697f82 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	199 B	2023-03-07	2024-05-06
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-06 16:06:27 Times Seen2472 Hash e086f28166bf73bc94e3cd49222ba6b3 e672fcd875785616f34372b6dd2a8245edbd0ca6 268683f78bf540a4628d352b35364a4405e8f1693eaee6a34e081045b1f95e54 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	252 B	2023-03-07	2024-05-06
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-06 16:06:27 Times Seen2502 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	32 kB	2023-03-07	2023-11-04
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-11-04 00:29:39 Times Seen29 Hash 162100f507af8b50f1406bf3fc405ce5 cf0a2bf9b914710962e0dd7899b93ba5ceb5134d e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/	695 B	2023-03-07	2023-03-26
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/ IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:04 Last Seen2023-03-26 13:09:33 Times Seen18 Hash 899837b2f1e8a81797ae37ad361488d3 0f4abcaeceb40790ea9341b6f43328a983e8428f ab4f57987919925eaadb2fa2eb5e82798300b1b7aaab2066b875f8cded107873 Loading...

	tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk	5.2 kB	2023-03-13	2023-03-13
Pretty URL tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:57:34 Last Seen2023-03-13 19:21:28 Times Seen1 Hash f10b5a392c98a08c99d3bcbb5999304e d562f16db3fcd54261939052ac4416f5a6a7e917 1d96851e2908ba02019127cec6f87c66bb9d3c0957d6918638e0a8bcb75fe52b Loading...

	tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js	28 kB	2023-03-08	2023-06-29
Pretty URL tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js IP 8.39.193.5 ASN #54396 NUANCE-MOBILITY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:41:37 Last Seen2023-06-29 15:24:08 Times Seen72 Hash fee3c44553151f3adad603f3fbf70081 91e1bf1b18c9b83fa36c17dd1567b85c653a0b12 2ca980db17561aeb7beece18426d664f0ab09675080cb9934f33c941c9bde5b8 Loading...

	connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBJWXRTZldQVXM5WWZrMnl6MFlqK091SmMreWdVdjlHRHk2Vy8vNWFQUGo0dGw1eklKcmVGL3N4cnExNmYwRDNONWM0ZHRFcTJ5MGNrOEFvQktDS3dTZS9BcDhYb2Vqb3VGY2RScy9zVXZabWhKanMrdjcrbUlyeFlWV2Y4VmViMTF3TzhibFRJM1R2SWs5anIwREVrSGlFR3JmVXpzTDRxRnN1djcyRi9PRHJTbFQvRUtaL2NFU1UyOHRuY1VRUnVzRnA1SnFVUTNyZGpaTTdvOUZwTGliemw2alJHUHl5cThma2lsQUttdmNacCt5dVRyMnNlYUtNRHhzMHhPL0tMdFBVYU1RRmkwQUpuTFBtNWN5QzVrT1V5aElBZXcrakh1WUVzWS9GTTh0Q2VaZz09fDEzZDk3ZDc3YTg3YTc3YjkxZmZkOTRjMWY0ODMzNTU3NDg3MzNhMTBiYTgzOTZhMTU3OWIxMjZiMTQ2ZjQzZGZkNGQ0YTRhNjE1YTU5MDQ1Yjk4ZDQzNzE4Y2QxY2Q5YTc1YzJhMWQ5NDRhZWNkZjlmYjM1NzkzYzUwNmE2Y2ZkZDAxNWE2ODdlZTllYjYwODFiOTAyZDYyN2ZlM2YxMmZjODhlYjUzMjUwYzY1MDk3Y2NkYzdhNTRlNGE2NTY2ZjU5MDMyYWQ4MGRlYWY2ZDA5ODFkMjBmNzRmMzA0YmMzMDk4MTVlY2U3YTdlZmE3ODVjOTc2M2IwOWNlYmEzNTMwYmNmMDdhMzAzY2ZhZGY2YjZhOGNjNjM4MjQwYmE5ZTBmY2VmODIzM2Y1YjA0ZTU3YjA3MDdkMWZhMTc0MTkyMjgxYWYxZWYzODg2ODYxMWM3Y2JhODg2MGY1YzgyM2JlOWNmYThkMGRiMjdkYzMxOWU1MDBiMWNjODM4NzhkOGQxMGUxYThkYjUxYWM4ODliZTQ0NjlmZDgyNGY5YTJhM2ZjODRiODAxMDFkMjY0N2Y2YzVmMzlmMDczMjdjOWUwMzM4NTEzMzk2ZjQxOGZjZjIxZjAyNWY4NTAxZDU0ZjMzNWEzZGI5ZDA3NmQ5MzM2MjZmZWE2NGZjYWRiZjNjfDAwZWUwYjYyZWNhYWM4OWY%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com&t=jsonp&c=ipsdlovffdwyxo_b&eu=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F	90 B	2023-03-13	2023-03-13
Pretty URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBJWXRTZldQVXM5WWZrMnl6MFlqK091SmMreWdVdjlHRHk2Vy8vNWFQUGo0dGw1eklKcmVGL3N4cnExNmYwRDNONWM0ZHRFcTJ5MGNrOEFvQktDS3dTZS9BcDhYb2Vqb3VGY2RScy9zVXZabWhKanMrdjcrbUlyeFlWV2Y4VmViMTF3TzhibFRJM1R2SWs5anIwREVrSGlFR3JmVXpzTDRxRnN1djcyRi9PRHJTbFQvRUtaL2NFU1UyOHRuY1VRUnVzRnA1SnFVUTNyZGpaTTdvOUZwTGliemw2alJHUHl5cThma2lsQUttdmNacCt5dVRyMnNlYUtNRHhzMHhPL0tMdFBVYU1RRmkwQUpuTFBtNWN5QzVrT1V5aElBZXcrakh1WUVzWS9GTTh0Q2VaZz09fDEzZDk3ZDc3YTg3YTc3YjkxZmZkOTRjMWY0ODMzNTU3NDg3MzNhMTBiYTgzOTZhMTU3OWIxMjZiMTQ2ZjQzZGZkNGQ0YTRhNjE1YTU5MDQ1Yjk4ZDQzNzE4Y2QxY2Q5YTc1YzJhMWQ5NDRhZWNkZjlmYjM1NzkzYzUwNmE2Y2ZkZDAxNWE2ODdlZTllYjYwODFiOTAyZDYyN2ZlM2YxMmZjODhlYjUzMjUwYzY1MDk3Y2NkYzdhNTRlNGE2NTY2ZjU5MDMyYWQ4MGRlYWY2ZDA5ODFkMjBmNzRmMzA0YmMzMDk4MTVlY2U3YTdlZmE3ODVjOTc2M2IwOWNlYmEzNTMwYmNmMDdhMzAzY2ZhZGY2YjZhOGNjNjM4MjQwYmE5ZTBmY2VmODIzM2Y1YjA0ZTU3YjA3MDdkMWZhMTc0MTkyMjgxYWYxZWYzODg2ODYxMWM3Y2JhODg2MGY1YzgyM2JlOWNmYThkMGRiMjdkYzMxOWU1MDBiMWNjODM4NzhkOGQxMGUxYThkYjUxYWM4ODliZTQ0NjlmZDgyNGY5YTJhM2ZjODRiODAxMDFkMjY0N2Y2YzVmMzlmMDczMjdjOWUwMzM4NTEzMzk2ZjQxOGZjZjIxZjAyNWY4NTAxZDU0ZjMzNWEzZGI5ZDA3NmQ5MzM2MjZmZWE2NGZjYWRiZjNjfDAwZWUwYjYyZWNhYWM4OWY%3D&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com&t=jsonp&c=ipsdlovffdwyxo_b&eu=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash ed04de5bb855bf73eb5c03cd195c4c2c 09ab09fdfac3305681f59c0d6c7ee115acac355c 64fe53297118bfb420ccd27555a05673e5975acde867e8b5ace2613b22b54954 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE	187 kB	2023-03-13	2023-03-26
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:22:02 Last Seen2023-03-26 01:39:37 Times Seen2 Hash a6d7dc9f03c7459d2fa0d53e90ae1039 f9d05e9731458d8a8606afae9ff71ef4a227a569 233a5cb7ccfbad3e40b0984592960920bdcf915fd9d987ae3d5ebabcb32e86c5 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-05-06
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-06 16:06:28 Times Seen4784 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDT-h6GAQAAiSX4i8OdzQm3GT96YNvx8m8oKIoLT2rZua1RvqdSs7UjmY6C&X-G2Q3kxs3--z=q	265 kB	2023-03-13	2023-03-13
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDT-h6GAQAAiSX4i8OdzQm3GT96YNvx8m8oKIoLT2rZua1RvqdSs7UjmY6C&X-G2Q3kxs3--z=q IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 17:10:51 Last Seen2023-03-13 17:10:51 Times Seen1 Hash 5a2355718bf7cd93526c16abeb7231d9 ec46b059428c91ab0632c5d2d4eb215c46809a35 41c0c2a3862930602b92d63b22d56c5fb841e14ade511b137c3c08b98fd8aa29 Loading...

	www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	538 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.134.56 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2023-03-13 19:24:38 Times Seen1 Hash 2527531002b85960239d82afa22c7acb 602fb4f7cec1213a27fca1773c78af27678475e4 58020c2639ef4df91190872d5dda8cb517fbdde491cb2fde718916b58f3b57d1 Loading...

	static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-08	2023-09-21
Pretty URL static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 95.101.10.120 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:36:56 Last Seen2023-09-21 03:50:16 Times Seen11701 Hash 91c536ff4d2c8db1822702f866e60b08 3370d3721e28923f099da1985f718a88015975aa d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a Loading...

HTTP Transactions (153)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Sun, 05 Feb 2023 01:47:58 GMT
Date: Sun, 05 Feb 2023 00:35:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13035
Expires: Sun, 05 Feb 2023 04:12:17 GMT
Date: Sun, 05 Feb 2023 00:35:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20661
Expires: Sun, 05 Feb 2023 06:19:23 GMT
Date: Sun, 05 Feb 2023 00:35:02 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 23:36:16 GMT
content-type: application/json
age: 3526
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +k5nsWFBoyqd6Ms59AweGMTneiVD2HQLWWW+m5AeuJxxGc/OTYu/0gZAWBG6VUBTXz/88MEZGD0=
x-amz-request-id: 08RD74767PR75EE1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 00:24:14 GMT
age: 648
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 00:35:02 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 23:49:07 GMT
age: 2755
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

47.246.44.231

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
47.246.44.231:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
542b45b64f14bdc7fd147142fea0b4aa
c32ce619bdcab43c88896ab236540f72f37ef468
bcfac699f38c8afb72b5f5200d7381677697c93b12eb134a55c90430fd2cd48a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 23:53:07 GMT
Last-Modified: Sat, 04 Feb 2023 14:24:41 GMT
ETag: "63de6aa9-1d7"
Expires: Mon, 06 Feb 2023 14:24:41 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675554787
Via: cache21.l2de2[0,0,200-0,H], cache11.l2de2[1,0], cache3.se1[28,28,200-0,M], cache3.se1[29,0]
Age: 2515
X-Cache: MISS TCP_REFRESH_MISS dirn:1:278461071
X-Swift-SaveTime: Sun, 05 Feb 2023 00:35:02 GMT
X-Swift-CacheTime: 1085
Timing-Allow-Origin: *
EagleId: 2ff62c9716755573028397929e

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3494
Expires: Sun, 05 Feb 2023 01:33:17 GMT
Date: Sun, 05 Feb 2023 00:35:03 GMT
Connection: keep-alive

www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/

163.171.134.56

200 OK

20 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (884), with CRLF line terminators
Size
20 kB (20152 bytes)
Hash
32a866043176ff70883d8ecd8b116b1d
26ff9ea6788a5231d7f8b162c718f0e47e697c5f
89c0b9bd7c5fb41d5d40df27e2dd964d8876c3a6deb2348edde756e0b2d71fe9

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /es/ HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 20152
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-d874a69c-311f-4227-9308-43e00f061b2e' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 24325 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:a9651fea-e018-4e93-8418-71c23090c02d; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:a9651fea-e018-4e93-8418-71c23090c02d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206931; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206931|e:93; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=ES; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230204163503127905435; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 00:35:03 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; path=/; Httponly; Secure
WesdAksn=A9Ny_x6GAQAA_Wu8zX-JpR9Qi1sXmiqOch5XQzN3l_d5oPOJHJyinbhpPHtwAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|705aff119e3384b50c559f03a1c7c34900140657; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=poTu4Y8ydVuPKM0dsQJ6tLwjRT9VmvKCLpoes0imIEJ6dBGnEq2Vbt9XG+59VpjV; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:02 GMT;Httponly; Secure
_abck=F4B3E4447D650264FA794A91EED251EC~-1~YAAQjGpkX1TjwMKFAQAAnnP/Hgk5r0ZBWeTH+ml1YCDGvmz9MXm2PFU9z0Eeol64zHFd4yslE9yiYVfgxijKPa/3vdJLX22MRMtePvLVjlqeoOQ6xuMt/h9w0VjGt+Z9QFv6COKG+IK9WvvdBPFxRwAXskt319sk67Reml9N6JsA2rVTr0bE1x/dRBtlDjW2oLSIe3VjuMwQrntaRmWPSrTl1cnnHy/u8lcXMGB29o9ID7VJAAOvOhVjyGM+TuYTf//VQJ4UR4prk1Q387JqxnewxZD2MyoA7Cqe15nu7v6Es4CevGBQghEfU43QvBCfJkuDjKXxrphvadPnnOCURTvvpx6x6jwGGU38fJauwJxHviLrbtAS58x7t7fy4FzJBg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:03 GMT; Max-Age=31536000; Secure
bm_sz=2B3016BD4F424F3D9DC48DA21E209171~YAAQjGpkX1XjwMKFAQAAnnP/HhJRD6cWLr90O+jfEMLve6+udJUtaUtk3waHR74QVP5ztagaCNXJ4FUk/Vw/QcZuBy/GEUip6BZZKj84FO8DSf7FG9tHs5F8AgKIP7X7SzzWzDcO0lS554RNWe2kShB9SN3op3WhhG9Th8FMax1huA4ISmdT+7wJPbmg1ynPXPX5YwkyDrK+qQ+iyeOMxdV9PHzCV5v+gSRDq3n6gsYoyNTsytZ0o1e3OwDAZ0FWw3VB+ZWg69XA8gX2o3Pq6ZYGm+rXaBE4DQpGVp01Mk6WeGHMNv0t~4407621~3490115; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:02 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b6_VM-ARN-01XDr43_7190-28265

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg

104.110.27.78

200 OK

24 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (23618 bytes)
Hash
51ee4423bd7473f82847570bb6f10f88
5665cca6ad63f3cf35b07de9f3534c8e94cfe698
79117776265cb8f5638233611d20d12eb5af668b2b7a0228eaa6d15d190e6890

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6350582a-e73f"
last-modified: Tue, 01 Nov 2022 15:13:52 GMT
server: Akamai Image Manager
content-length: 23618
content-type: image/webp
cache-control: private, no-transform, max-age=1200153
expires: Sat, 18 Feb 2023 21:57:36 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png

104.110.27.78

200 OK

562 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
562 B (562 bytes)
Hash
dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1000430
expires: Thu, 16 Feb 2023 14:28:53 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg

104.110.27.78

200 OK

37 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
37 kB (36638 bytes)
Hash
610cca644e5b3cff3d2aa622756a5262
21d77bf774d09ef0d2aadd12e9b554bdcfabf685
9c48183f44abcf70ba1c5752a29e2e3fbb314ed363d918ee00f4977f70dcac3e

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63505814-e902"
last-modified: Tue, 01 Nov 2022 15:12:20 GMT
server: Akamai Image Manager
content-length: 36638
content-type: image/webp
cache-control: private, no-transform, max-age=1174249
expires: Sat, 18 Feb 2023 14:45:52 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png

104.110.27.78

200 OK

2.5 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2496 bytes)
Hash
e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec

HTTP Headers

GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1027457
expires: Thu, 16 Feb 2023 21:59:20 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22174 bytes)
Hash
338cfc728ba1dbb6840c74558c5b9d9e
16d3653d467c5e8f80600b924a91fc19d3bf416f
dcc2606ff287abd984b9e619a55adb02716c387721e5482b604503b0602e3cd0

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "635162e0-ce5a"
last-modified: Mon, 31 Oct 2022 17:02:20 GMT
server: Akamai Image Manager
x-serial: 60
x-check-cacheable: YES
content-length: 22174
content-type: image/webp
cache-control: private, no-transform, max-age=1268843
expires: Sun, 19 Feb 2023 17:02:26 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/es/images/rwd/wf_logo_220x23.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/es/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1710 bytes)
Hash
c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac

HTTP Headers

GET /assets/es/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61c392e6-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1029308
expires: Thu, 16 Feb 2023 22:30:11 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg

104.110.27.78

200 OK

52 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
52 kB (51474 bytes)
Hash
67a063a06589a4e40465cffe34adf460
83bd779eab37f708db097c28d9eb4295c3ebdc13
e037cf255bed27ebd83c682b368532fc925848a9ff0e42d97132ac995e43bbdf

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a7e46d-172e2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 51474
content-type: image/webp
cache-control: private, no-transform, max-age=973198
expires: Thu, 16 Feb 2023 06:55:01 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.0 kB (1004 bytes)
Hash
2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=973296
expires: Thu, 16 Feb 2023 06:56:39 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg

104.110.27.78

200 OK

35 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (35078 bytes)
Hash
b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=956598
expires: Thu, 16 Feb 2023 02:18:21 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1344 bytes)
Hash
20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=429292
expires: Thu, 09 Feb 2023 23:49:55 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7be4db1954b8468725970ae76f5cedd3
7fa676c88d532e70b813b2a5e239980dfbf2a9b0
9bb64dd2e4fc5e83a14e9dd659a3199a604c7dc9c5d06bdb95b7f89ac8b6f9bd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5399
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:03 GMT
Last-Modified: Sat, 04 Feb 2023 23:05:04 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
7be4db1954b8468725970ae76f5cedd3
7fa676c88d532e70b813b2a5e239980dfbf2a9b0
9bb64dd2e4fc5e83a14e9dd659a3199a604c7dc9c5d06bdb95b7f89ac8b6f9bd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3550
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:03 GMT
Last-Modified: Sat, 04 Feb 2023 23:35:53 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.40.49.56

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.40.49.56:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Fs6dyidG1yptP6jfvK3NKQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GLEwo8mfcP+EclaXyJuD786Go1I=

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

95.101.10.120

200 OK

901 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sun, 05 Feb 2023 00:35:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8LeLhsFLjpzl2H43fKpdiw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.134.56

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (31326), with NEL line terminators
Size
18 kB (17856 bytes)
Hash
3c62755a932398b8a5d7d8cde9413fb3
8e0c91ea864ec3f0ff9385d6ddc6eb2c0987f8d4
980ef0d6507b3822543dff672ffcb8f9a51930638d23f417daaea928695881ae

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17856
Connection: keep-alive
Expires: Sat, 04 Feb 2023 15:36:35 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-d8e9"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7140-60060

www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE

163.171.134.56

200 OK

73 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
data
Size
73 kB (72934 bytes)
Hash
c6dd15c3ee5a4bcd9d8e8a0c3d52fd41
ebba299bae409a0681ee4e00cc72c1458f73e049
ead22de7b5e9317ca777f867211c757f63e6efee96eab3baa6f9126e39a78659

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/javascript
Content-Length: 72934
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 18:21:50 GMT
ETag: "c065b170d98e55180d9d0ec22203687e78580f5a9c71964c6b1b97f01595bfe0"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3CaZ20uvjOKZOd8XYtgbwQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=C65286825DB8D08132F2AFCC41BC49CF~-1~YAAQjGpkX1bjwMKFAQAAX3T/Hgn21tXxQnsL7r94Cnq38e17JM4cmUuA8J0SV8WQ9xLQUTRh+jbN+SOxxEqABvNy/o6d8WMFyEoS4CKFomFfTJj0VPqbGiBvAFMT0P7A/0bfKjpYAgIXvbPDK8Fh0ZYvkySa5p3sebh1wFrCYcR2/lhL5SbrODkonWfZqqzS0CqdLoc81HDnHmUbDvkwzzhm1unOaJpsRsBJ4Jqaq4Qy5mNdtabx64N84P89uc+LvusvOiYn3iSoJz9hx1dZ/+NhyC97gwXqxDshFawXMm0vISqdzLRt1lIQe3C/Ue/2vCcGXrlE13R7wDSEHOItkyC5nPBJHhsKCaERBKRojjyXoM1q+yd2HklFS+Ppv9YuVw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:03 GMT; Max-Age=31536000; Secure
bm_sz=7A6015E39381D19BC10EC16CC4F957FA~YAAQjGpkX1fjwMKFAQAAX3T/HhIrut6U003DdFOEOcmihSMX6j2qFTz/ghPpbmECacGBmJlz2rAyMT4hJBbosmazdu5tC2+guN7Z3vH7eCumMa5qZ6cSCBq5JpoNo4z74U1DeDA0oi2stRQ1FOQeYW6XCjXWCTFYle1c9dHSXgBxVp3yyHGMds4ooFBhexGcVxmrfcwgSGYezpdiQaODSpgnzqdv+XfwnByssFBOB9Y3VfRNGRG5VDFS1p6gQpiEzPZLZdKCCxWRUQNlJW3sllZTujtBCTITn8veTMCgxQKK6IHSnvmp~3753010~3556405; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:03 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7130-56086

www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js

163.171.134.56

200 OK

57 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size
57 kB (57254 bytes)
Hash
55cf5abb917b734f8783436c20210ab0
83005f65ae0fb0cd0bd2576a330c8a4b9ddbb9fa
7e1678f1d42ace98528997082d53caedc0b14848feee15137bd786c3ba1bc012

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57254
Connection: keep-alive
Expires: Sat, 04 Feb 2023 15:36:35 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-2b63b"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7132-24602

www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.134.56

200 OK

4.3 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4289 bytes)
Hash
822114fba6bec32f0d64a7906a28539b
cf582573dea001fcc604808295ab82caa29afcc4
3382c39861218acb0528a9d0ae32a3a4dfc0188d672117284c0491bec7200702

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4289
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 00:35:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A1V0_x6GAQAA5EqmOJIugWIKelBv5Sr_Tn26NQrXXCrI4xlYeu5JyHt5K7wOAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|2e69bc1c0861e39340e42ce00f2ab320a6e8488e; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=nW%2f3z4bxXjVh1y3P0pDPhu7d22qT84FVcFChr2eMIMx6xHbGwFKk4rrXIXlM3c0e; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:03 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7190-28268

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

95.101.10.120

200 OK

11 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (31790)
Size
11 kB (11076 bytes)
Hash
6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Sun, 05 Feb 2023 00:35:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=91cpgxXik4LZ8GzdUabnYw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=2605485
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10144039
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

200 OK

23 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10144043
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=9987216
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10144028
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE

163.171.134.56

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2344
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xsEPBaxlzhDaf7V6kJF6ow%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=xsEPBaxlzhDaf7V6kJF6ow%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=00E7B56A4B20063C06782EC149B58419~-1~YAAQjGpkX1jjwMKFAQAAnXX/HgmZHVB54yJjz3nOQdE/zYYh+UekyLbWiptLoT0aFuO0uk1n6Nygjf/M8xqp1YkY4KOJGmAX5DCRMSNIA7+tMGjw6fjd7ojXzzxJGwQo7NIG/usfVEI8ksHoIPrTeDxWzKg6LgnX1Q4B+IvjRpJW4edZGLZiiBJoPGfGGNgQyNhFV9QLgEaLdnXWuFRTFtpMkltBGoEn16eTJG8Qeq+OQiO19wqDoLiRIG9WO7dNsC0tV7FYxE9iFrMWqe+hNzQHCBxtD8dvXUAkgoKhgbMWEl1c081Wv6lw0ibprG/LdUTceo/TjH56nQwNpNTuE0eQQP9Mda9PNq0MkokYlZWrSaWBgjGNMfM8aeXehLap0w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:03 GMT; Max-Age=31536000; Secure
bm_sz=09D19E9FAA5FA48A6F7997C47CFB98DE~YAAQjGpkX1njwMKFAQAAnXX/HhJqYvdWywtRhj7LrsHZqBWrajVvfTRN8wViUq6aB8FANKdrp7gLTQI42EjCFEQR13hwF56TPyy1+HcAbstTudtNjUtsaWLHMBWZxlARWebT3FfLdLQfpS5/gCk1STZzkOZ+PEayDkTgLWHA5h77JUpgBMaBR2tuipGk7pr/w3o8oCSWalHSPaqtrWCkwxehSIshMnOGt1wa6wFWMuyt7cMjxfIYlowvDePghlmjcTQqP+m95K3h4ZLiOuHZNJu0gOrK/cJhs2OtEDex2tohYJqjnQaI~3753010~3556405; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:03 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7190-28273

static.wellsfargo.com/tracking/hp/utag.js

95.101.10.120

200 OK

55 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/hp/utag.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (15181)
Size
55 kB (54818 bytes)
Hash
3696ebaee8a4dce7a09695dd80b3aef8
0dabf76fc893ffa3d29ba90d81cc03708b798431
0987f794748b29c49ec899c0d7599f225ce1252f243ab35d168a8d853b1aceae

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 07:23:58 GMT
Vary: Accept-Encoding
ETag: W/"63cf878e-322c5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54818
Date: Sun, 05 Feb 2023 00:35:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cvs7Wj9HBD+fFmIpz5vxsQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js

95.101.10.120

200 OK

13 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/websdk/nuance-websdk-loader.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (41881)
Size
13 kB (13370 bytes)
Hash
346912f774e106a5ea6f78459c661c4a
71d774577bd02f71c5def49535f88a92bd1b7088
8e7d64f1048594472f76fc1b6796a2b8fe847953a2e5b15636f3862e629ff27b

HTTP Headers

GET /assets/js/wfui/ndep/websdk/nuance-websdk-loader.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Nov 2022 04:37:54 GMT
Vary: Accept-Encoding
ETag: W/"636b2ea2-a3cb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 13370
Date: Sun, 05 Feb 2023 00:35:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=dTSiB9Hw68Jo6GeNa6T5JQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDT-h6GAQAAiSX4i8OdzQm3GT96YNvx8m8oKIoLT2rZua1RvqdSs7UjmY6C&X-G2Q3kxs3--z=q

163.171.134.56

200 OK

148 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDT-h6GAQAAiSX4i8OdzQm3GT96YNvx8m8oKIoLT2rZua1RvqdSs7UjmY6C&X-G2Q3kxs3--z=q
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
148 kB (148348 bytes)
Hash
5e7a2e91560646a2c5735ed3d9a3a1c8
44806844cc81da75f169136a23a0a4882a9d58cb
603f6eb54a7e8e187ae6e268d424711fb873e349791f659c06c9240d563a522c

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AEDT-h6GAQAAiSX4i8OdzQm3GT96YNvx8m8oKIoLT2rZua1RvqdSs7UjmY6C&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 00:35:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=Aw11_x6GAQAAX_YAudJGMWWDE_PBZJuYDxZs3Ew-XEu9F6cFkqBDrWbsfEbOAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|1b8b40c3d06fbb2bb8d465d98d065c777b7971dc; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=+dMHdqUzEEugDqOx86H9ZgzjQHzF2t+mbbvnlo+w7qnNSDRsQgDq2rWsncfPktBk; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:03 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7130-56088

www--wellsfargo--com--t249329d48d6c.wsipv6.com/target/offers/conversations

163.171.134.56

200 OK

2.3 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/target/offers/conversations
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (10893), with no line terminators
Size
2.3 kB (2335 bytes)
Hash
faa4b43b41efd2c662719068df467d14
7160574aaca923479133f4f8f921e616155c43f7
681c84630b595510e2185c2803063f1aaf35b3085aeea1492b0309b137fc661b

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2335
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-e032a966-9ce7-49aa-9ff2-7f0e2bc82129' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:30|g:287c4bb1-d3db-4210-a332-9402b9566335; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:30|g:287c4bb1-d3db-4210-a332-9402b9566335|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206893; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206893|e:174; Expires=Sun, 05-Feb-2023 00:35:33 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202302041635031676062888; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 00:35:03 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=2EA9A800828518AB14339FFE2EEA763E; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=pm8d%2fD%2fN4XuPaQoI92lK%2f+YlkbHM1zlCR5jt9vOjokMb%2fShJ70Bjw8YU17U7l7IU; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:03 GMT;Httponly; Secure
_abck=BD6F49E96EA50078F01814A63C173435~-1~YAAQvWpkX04pZ8WFAQAAFnb/HgmrRb75S71VRZnLVeSeSgpDen+KrXhuJco9/jSRN/07OVP196vMHjC81L/3f6G/70qFs6YUN3OCwku8y03XH0WcR48gHLMzb/SDjrw70FzmBnYkgFPQKthJ9jeNSIgHv4wD+sQj8ExkZ4VPiD/6Fq3yAkndefPFq604N7xeuizV4HiCCyUUyGGwdPjPIHbo4q+VowbGVbMiM40fmyd45PFFK7uKRkyb0FaPQqvJzdxIgyOD+mBHtG6Q0GMv+8ojZd/TIM5151UwWpsZaOah0Krg/2YgxQaaq2h5vykSx/hHH0rsKdMnBMX3E/GLMpIXOh+bohFMEbahugnEM96M7kXUN1FouDbYx3gVTXOOAw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:03 GMT; Max-Age=31536000; Secure
bm_sz=EDCE34828357E1D103A3C30B2D067D6E~YAAQvWpkX08pZ8WFAQAAFnb/HhJh7WcSVg7BxJdjEURiXwy/d54b6mMVn2e3lWWfxVb4PwlXnZYGbG/8pDWp+xiGkUL7A6bpGw/fySvFFL40TLAYPXBoXdvRcNi4WdcX/1FHHeKCRVAgbM3yjCwquU3X9bKE7fxVbqamzFLfNyyBWwX4vl1LOV6BZw6GHSVOj7XDgzJZZmmYD0PRqwSZxf9hVyek4cZHzs4Eq5qshSmOFeyZ2SkbvHm4JBUMg3WsFCn8hrr15ChXz/ziG0if6bTKkObNBoL5JZ25juFQzThEUaAs9HCS~3753010~3556405; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:03 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7245-36199

static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-c2c-button.css

95.101.10.120

200 OK

2.7 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-c2c-button.css
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
2.7 kB (2671 bytes)
Hash
5257c2e188d24ddc00cc92573e5f2cfb
3526eb21d812e9ebfcb3514cc2ff9ad53abe442e
ae7a3a2c2db5a1dc74814e5001e439aeeae648e3b31cdb7474856dc52ea0b223

HTTP Headers

GET /assets/js/wfui/ndep/css/nuance-c2c-button.css HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 14 Jul 2021 10:08:23 GMT
Vary: Accept-Encoding
ETag: W/"60eeb797-2bb3"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 2671
Date: Sun, 05 Feb 2023 00:35:03 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=o8VF9JIVAFsKYcF1V1CWQg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.134.56

200 OK

306 kB

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65356)
Size
306 kB (305866 bytes)
Hash
0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:1$_se:1$_ss:1$_st:1675557042436$ses_id:1675555242436%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:03 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 00:35:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=d1%2fCvmRtegCpoJ4MSndhctwx5BxSmIC5GcmubYwrPtM+JrI0cO83kZhJ+OQcevnE; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:03 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b7_VM-ARN-01XDr43_7132-24608

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

200 OK

9.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=41289
expires: Sun, 05 Feb 2023 12:03:12 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
ISO Media, AVIF Image\012- data
Size
1.0 kB (1012 bytes)
Hash
4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=971414
expires: Thu, 16 Feb 2023 06:25:17 GMT
date: Sun, 05 Feb 2023 00:35:03 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-chat.css

95.101.10.120

200 OK

505 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/css/nuance-chat.css
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF, LF line terminators
Size
505 B (505 bytes)
Hash
e2966fedd68930d5281a2ed6ea61c0d3
1ede5572cf49f251c212abdbd6f2df4bb48de1fe
c2ef5abb39d304068b5476114ebc952a97c091ea59348c8ba3adeadc715976ad

HTTP Headers

GET /assets/js/wfui/ndep/css/nuance-chat.css HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 17 Nov 2020 14:00:34 GMT
Vary: Accept-Encoding
ETag: W/"5fb3d782-52b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 505
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bw1i5INLEYoeFz4+sLbgcw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE

163.171.134.56

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2513
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:1$_ss:1$_st:1675559141705$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 05 Feb 2023 00:35:04 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=utgM4cD33tpiKdeprh8njg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=utgM4cD33tpiKdeprh8njg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=5F0FC1DE6ED682A799AE48879F03C8FB~-1~YAAQjGpkX1zjwMKFAQAAVHj/HglNRVo9L1lEBOOsQAEpDMV5mJSlikbLwjteUOxlyrox5bTy0NnEMJ4DS+CIRXRJJSixm8JocNEMdXy92QvCVxLyyGls39yCwSD6p9kvJKzIzfN0shV1RVoEUV2lXrp/zsvRGTdfl0JYD5xsl8/JqD+iVvb/ACy6kN35Z6GPJbW1y078i++fKA8QzOBGiRS4qDzR2yHnTZwYxoLFxS6ljR4oDC7GuN10g+cKmjXeP5+Kg4zb9z1U+HU11CCc1LOvpE9Lrd44MMnYTFTM19dqVXEVZi/UZDbVEbBbQH2gxcp6F+sYDtC4x5/UmW2OA2/LIrx9KE/qd02wWAqKOy+4/phnvCpnXUFqjIB3zYddQw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:04 GMT; Max-Age=31536000; Secure
bm_sz=EEB3C66350D72039BEEC978D287152DC~YAAQjGpkX13jwMKFAQAAVHj/HhIyplJb4omWo9w88gF5KWzKS2AKZuDR89egzraL48W45uqQXsOn69SUPMsoYS12m+jlC0Wb+uw1znSdVD4kpcRvRmpk4e4js4qQkzwKC8LEFeu9/aUM7HtCItaCW4QO/EEhcehAGiZamAjAPfR2v8f2QKhKycAIsaSVEkXXZxox23q9ZOGXpIBTV/wHAo11OoJaI96MlTvq6S8zUQFeSRxi32FWhOiU2TW5mCu4cOXGSROvx+IxsICDigTnVvSnB1nf183KxLzknMttWN2ouC05cRI7~3556147~4272951; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:04 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b8_VM-ARN-01XDr43_7132-24650

static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js

95.101.10.120

200 OK

35 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (306), with CRLF line terminators
Size
35 kB (35227 bytes)
Hash
6b6e25186e12dddab5cfc7e3eaf88138
b10a74c86e7fa78e2c8a7b3797bcfaf7ccc717e7
c626e63ae020f2dff5a3dd67681ef69d4fb334218d325321dabfa5e206586602

HTTP Headers

GET /assets/js/wfui/ndep/js/nuan_websdk_bootstrap.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Nov 2022 04:37:55 GMT
Vary: Accept-Encoding
ETag: W/"636b2ea3-24709"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 35227
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=w6Ehl2fr0HdzV72Nq2STEA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7368
Expires: Sun, 05 Feb 2023 02:37:52 GMT
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7368
Expires: Sun, 05 Feb 2023 02:37:52 GMT
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7368
Expires: Sun, 05 Feb 2023 02:37:52 GMT
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7368
Expires: Sun, 05 Feb 2023 02:37:52 GMT
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7368
Expires: Sun, 05 Feb 2023 02:37:52 GMT
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12256 bytes)
Hash
062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dvxlk1iSyNfjmNRI_8HcmhG9_xe0ZlaZ0Pzj0H9EBR6wwXKg0L7YVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 04:43:21 GMT
age: 71503
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8691 bytes)
Hash
bbb38d805862a1b3081eebf256e0dae0
4a5cb01390d897be8721cd4551c74d0452aff640
02443891d0533f37fe38b16febafc86fa64c457dc1827b97ec535d623486d549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef803fc0-c789-4c2b-8cb2-33bef88abc9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: 51bb839e-c32c-4be9-9f38-7f8044160e70
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsLgFPqIAMFfww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d22716-3794126b47a79aed27e1aac4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:09:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9du1ien5j1WSLplBzT5AAV-xIPKNgg4-8tdjux_iEGXNGaCcj29Xog==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 10:04:17 GMT
age: 52247
etag: "4a5cb01390d897be8721cd4551c74d0452aff640"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6e4dfe8-8de0-4ffd-85a4-544a7e82f052.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5652 bytes)
Hash
5d907b978dc107f6e95182eee954462a
29a73442173f75b4f3413e2c6459e8448b1cc33f
8268fb8aa86182e7c2113709cce8f559ac8cc831e12cfd7a75c67f30c69808a5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6e4dfe8-8de0-4ffd-85a4-544a7e82f052.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5652
x-amzn-requestid: a9d8e72b-b943-4c6d-a01c-7b7b65da6ee4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzXDqG-eIAMFbTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de054a-778199ce1db9fa1b73a9d4ec;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:12:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CyZUnEQ1l6j1CZCVM63GYbV6mAnhjW3kh4E5M07jH6d3t4mwhSK4hw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:07:48 GMT
age: 8836
etag: "29a73442173f75b4f3413e2c6459e8448b1cc33f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3474 bytes)
Hash
d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 9818
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13557 bytes)
Hash
7b596a8e984911df703e15c72d25d513
a1fa1355f4de6f246d35bed9f128e13fc9dc4e72
aba708124199ec6b0ce86ac14c6c18d233ff405071a7f22522217c2fcb0aa9b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13557
x-amzn-requestid: 981a0f31-e874-4392-a81d-12d667020700
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH8-JGEsoAMFhZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca85a-7398031f2676734c65447e5b;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dDjAyq5pSck1A4V9vIFxwjPfUfo4B23FmPmq9AJwxGLqy6m99zEH-Q==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 8706
etag: "a1fa1355f4de6f246d35bed9f128e13fc9dc4e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5801 bytes)
Hash
c1f3df5bbad5048923e29c0767d703d3
48c408d37a7bd7f96653174359178eed46ddf298
c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:44:03 GMT
age: 10261
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js

95.101.10.120

200 OK

5.6 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/ndep/js/nuan-c2c.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (928), with CRLF line terminators
Size
5.6 kB (5649 bytes)
Hash
00e6f77045d9c92840a490cfcdc9ff6a
22f273b66fe0c5d43cf747fb9868b0904d5ee4b8
4d144f941f05ff42f2a818328b7524c6d3f2b6efc1fe93a09794af14ad262f6c

HTTP Headers

GET /assets/js/wfui/ndep/js/nuan-c2c.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 16 Mar 2022 05:41:26 GMT
Vary: Accept-Encoding
ETag: W/"62317886-590b"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 5649
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GsHwh5FVovUrJvPG9EjB4Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg

104.110.27.78

200 OK

46 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Size
46 kB (46359 bytes)
Hash
dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63505819-d82f"
last-modified: Thu, 20 Oct 2022 21:37:57 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 46359
content-type: image/jpeg
cache-control: private, no-transform, max-age=305650
expires: Wed, 08 Feb 2023 13:29:14 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg

104.110.27.78

200 OK

44 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
44 kB (44138 bytes)
Hash
b4631869e8156b945150dacf3e571683
e6b735d9613d52f2bf9ce1ee32adc5b070f70d27
e4d822cd4da416d1e99229a66fac1a95f3b279d91fe5fbbaea4c41ae509577cc

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63505818-e489"
last-modified: Tue, 01 Nov 2022 22:03:08 GMT
server: Akamai Image Manager
x-serial: 575
x-check-cacheable: YES
content-length: 44138
content-type: image/webp
cache-control: private, no-transform, max-age=1373288
expires: Mon, 20 Feb 2023 22:03:12 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_g_7207608_collegesponsorship_bball_1700x700.jpg

104.110.27.78

200 OK

57 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_g_7207608_collegesponsorship_bball_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
57 kB (57420 bytes)
Hash
51ea86b50f91badab17b622389d92133
e122b40755f86c2984a551a63f88f4c14cc6a7b4
f943a6af0c5f78f1b0ea93db771a7702e859d67fe08bf66220295443503bd2f7

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_g_7207608_collegesponsorship_bball_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "638faebe-18a4e"
last-modified: Fri, 09 Dec 2022 21:15:35 GMT
server: Akamai Image Manager
x-serial: 682
x-check-cacheable: YES
content-length: 57420
content-type: image/webp
cache-control: private, no-transform, max-age=2285447
expires: Fri, 03 Mar 2023 11:25:51 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_ui-card_color-gradient_64x64.png

104.110.27.78

200 OK

1.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_ui-card_color-gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.1 kB (1064 bytes)
Hash
f34b79c8f01331bb9af372c3996392f8
88d0d0233e00f3f387efd497131bb91bdbfed6b9
b069f9d87f72a379d0b3076384da242c0f20c891964f3d502aee614e5d393085

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_ui-card_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6259d009-b1d"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 1284
x-check-cacheable: YES
content-length: 1064
content-type: image/webp
cache-control: private, no-transform, max-age=1128284
expires: Sat, 18 Feb 2023 01:59:48 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24782 bytes)
Hash
f8f8b797f394dae4b55a85b9f55eea80
d96aada64a87f18da3fbe13e2b9c057a37192ebb
c625c5f31f79968509bb3eb016f3b20a99e44496fb0f691b8ba3bb960e9caef7

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62d96afb-178fc"
last-modified: Mon, 25 Jul 2022 22:14:15 GMT
server: Akamai Image Manager
x-serial: 1184
x-check-cacheable: YES
content-length: 24782
content-type: image/webp
cache-control: private, no-transform, max-age=2015750
expires: Tue, 28 Feb 2023 08:30:54 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2330 bytes)
Hash
cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=974740
expires: Thu, 16 Feb 2023 07:20:44 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2340 bytes)
Hash
2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=891662
expires: Wed, 15 Feb 2023 08:16:06 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.110.27.78

200 OK

2.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2092 bytes)
Hash
bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1006073
expires: Thu, 16 Feb 2023 16:02:57 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png

104.110.27.78

200 OK

852 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
852 B (852 bytes)
Hash
83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b

HTTP Headers

GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=859847
expires: Tue, 14 Feb 2023 23:25:51 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg

104.110.27.78

200 OK

1.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1118 bytes)
Hash
8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb

HTTP Headers

GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1070225
expires: Fri, 17 Feb 2023 09:52:09 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png

104.110.27.78

200 OK

712 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
712 B (712 bytes)
Hash
856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72

HTTP Headers

GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=977703
expires: Thu, 16 Feb 2023 08:10:07 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1348 bytes)
Hash
20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05

HTTP Headers

GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=956466
expires: Thu, 16 Feb 2023 02:16:10 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg

104.110.27.78

200 OK

29 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29240 bytes)
Hash
1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5

HTTP Headers

GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=968789
expires: Thu, 16 Feb 2023 05:41:33 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v10.png

104.110.27.78

200 OK

11 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v10.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
11 kB (10726 bytes)
Hash
9c4b303bdcacf6cf05468a56f77cd235
bf44cb45c6a3d500e592dde1313e6a7806e6a2fc
c8ab4b96ff707821880745e242ef4e07eb44aa0ceb7a68efaf44b692e7ad1474

HTTP Headers

GET /assets/images/rwd/Native_App_Phone_Personal_v10.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "635ae506-9a21"
last-modified: Wed, 09 Nov 2022 20:10:17 GMT
server: Akamai Image Manager
content-length: 10726
content-type: image/webp
cache-control: private, no-transform, max-age=1980475
expires: Mon, 27 Feb 2023 22:42:59 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg

104.110.27.78

200 OK

32 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31450 bytes)
Hash
7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1

HTTP Headers

GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1128404
expires: Sat, 18 Feb 2023 02:01:48 GMT
date: Sun, 05 Feb 2023 00:35:04 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/gb/detector-dom.min.js

95.101.10.120

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ok03gTRMKMnrHSPR3lqFcg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE

163.171.134.56

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3266
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:1$_ss:1$_st:1675559141705$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=407901679; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 05 Feb 2023 00:35:04 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TeMkNbeIvWNhvfw9OTsvNg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=TeMkNbeIvWNhvfw9OTsvNg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=7A74ABE63D4B4D288623971B45272F78~-1~YAAQjGpkX17jwMKFAQAADnr/Hgl+qwLqojetasVbMuRjKyiOczc5yVZWlWCLy5FMZa5k/K7QJJbGrB+6bGTnGGybK3R/V6usyeA2NePqRWpvo+maSgQOT6pA3OzdLbPLcyv/DMdNLF3X6p0o2+5CNy4nJR0JhQdkme6CFE3g3idegEw5xKfTLzMGYjqp4NkIbeWFwb1eCIorNZI1qBbqzOVt8f6Zciu/vrjFAgZuW/0jjB0fUD6k7+kdUER29lHujIWWB98a4ysKlgJBwpuG2vI+k5brOCK2XV/3mvbyQuqhUgkp9HwpAb7phZ5JC4XMFJlYrTd28AB/I5l2EOhMHuGR9sMnADZGVq3ZVu0ioeahycQQz54Mjxd39wAobMsxLQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:04 GMT; Max-Age=31536000; Secure
bm_sz=7586067269956302FAC9B1137CB47D2F~YAAQjGpkX1/jwMKFAQAADnr/HhKOKYpgkq7wfYPI8F7vhY6VkWBLgfr8TPG62eDL//8zGdnhh/bmmyGahTGzQyeMOSECR+ct0BzJcQcOlgqMNF1uuEap+NHkwTvvONIrPzH1vNJS1h35J0kNTqtLlAWFvEcDqYmw50DAMC9eGmwAR9sWWgYzKXIRIeWK5mXh0pvjQbiF6XVPMoZjDzhf02Hb/x1Mukfv3Hx0hdklzUcFVSPOYd8z+zGhF71j41t3esHpIUpqr/pLtkfdvxpUYYHXl+GkGOgiQ6QvzUt55G4yDM/STZFa~3556147~4272951; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:04 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b8_VM-ARN-01XDr43_7132-24668

static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1

95.101.10.120

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=disxn%2fmTEzPYCLCN2XK76Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3a8f191b6804fc7779af2631165a23cb
d64c7ccd78c831820e1fbe0f96f012bd8a1ea7f8
3d1128de7ff22ad54dc569850cff7895140ead9c34009a0be3a7872694f03869

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6201
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:04 GMT
Last-Modified: Sat, 04 Feb 2023 22:51:43 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3a8f191b6804fc7779af2631165a23cb
d64c7ccd78c831820e1fbe0f96f012bd8a1ea7f8
3d1128de7ff22ad54dc569850cff7895140ead9c34009a0be3a7872694f03869

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5455
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:04 GMT
Last-Modified: Sat, 04 Feb 2023 23:04:09 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=26536168839272335320436151831218815203&d_coop_unsafe=1&ts=1675557342639

52.18.15.195

200 OK

313 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=26536168839272335320436151831218815203&d_coop_unsafe=1&ts=1675557342639
IP
52.18.15.195:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (377), with no line terminators
Size
313 B (313 bytes)
Hash
f0c7082594b20e15dab14e33e24bb6c3
2fc9a611377aba93b71b094657ff02983c89a731
9e88f1fc62ea290431463ac717fc4a4b208e217f2340c0c60972beb12e77e076

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=26536168839272335320436151831218815203&d_coop_unsafe=1&ts=1675557342639 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0826e4ce6.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26567055162215162710432499701354167024; Max-Age=15552000; Expires=Fri, 04 Aug 2023 00:35:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: IDHAWHNXSmg=
Content-Length: 313
Connection: keep-alive

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

95.101.10.120

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sun, 05 Feb 2023 00:35:04 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Ex%2fz5au5DZ38jmQugV3BNQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=26536168839272335320436151831218815203&d_coop_unsafe=1&ts=1675557342646

52.18.15.195

200 OK

313 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=26536168839272335320436151831218815203&d_coop_unsafe=1&ts=1675557342646
IP
52.18.15.195:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (377), with no line terminators
Size
313 B (313 bytes)
Hash
d88b039573df6387594cf8b27850c327
7b576d72a53905a26e3220c3bfe51517e9c93644
d2f22a549c18fb9b0116ac7beea445c22a88cd03a3a368f953c2f03b2afdca12

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=26536168839272335320436151831218815203&d_coop_unsafe=1&ts=1675557342646 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0227c85fb.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26567055162215162710432499701354167024; Max-Age=15552000; Expires=Fri, 04 Aug 2023 00:35:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ByGA806xQoY=
Content-Length: 313
Connection: keep-alive

wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1675557342652

52.211.241.210

200 OK

321 B

URL HTTP/1.1
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1675557342652
IP
52.211.241.210:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Size
321 B (321 bytes)
Hash
a7d133af5972ad4e8ca8c01f9750a743
1f6b6664090d283143b12849bff486a92160f3b4
bd6c9184318601b48bfc9a6992676d0520d3d8087232b8f0cd18d148f8c3f95c

HTTP Headers

POST /event?d_dil_ver=9.5&_ts=1675557342652 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 425
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=26567055162215162710432499701354167024; Max-Age=15552000; Expires=Fri, 04 Aug 2023 00:35:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: RTzUMb5USTM=
Content-Length: 321
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8a41a6e5225635ecc02de9eabd9a472b
585d12a70f821899fdfad9c09cc87fc46cac9ea0
997fff4ada3bc79630777b4f847861230bb5ae6c58627220d8ef2c693bb92cbf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 13:42:56 GMT
Expires: Wed, 08 Feb 2023 13:42:55 GMT
Etag: "585d12a70f821899fdfad9c09cc87fc46cac9ea0"
Cache-Control: max-age=305869,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79479063eff71c12-OSL

www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.134.56

200 OK

179 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
179 B (179 bytes)
Hash
ce77a306ed1bc10bae438673218eb0a2
207f245dc428eb65b3c2fe43b2b3537ec849f6ad
1f470e37b7054f1678319c22871acc5e52959d217d3ab3091305253835050873

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Content-Type: multipart/form-data; boundary=---------------------------251615928310448981443617497027
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:1$_ss:1$_st:1675559141705$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=MCMID|26536168839272335320436151831218815203; __ts_xfdF3__=281071963; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhtaaIVN9CrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22d0xDb0FBZmFONzRsSVlMRA%3D%3D56SWpV6yAE0gPfJZqeBpJVjork3wRrwgYTNsYh4-gea_OuU8kc42lUcnp5cOfHdTpEq0c8DnEMPZAJgRYru3mCqfr3ei1muSdgI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 179
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
X-Akamai-Transformed: 9 175 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RAL0IsIw%2fUvgJROTaxBTThUTk6XZUyTTSp0QRrMjXKH5oPmnb4AWHZq717b1W%2fZh; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
_abck=B1910ADC8FA884569785E7C9AAB8BC3B~-1~YAAQjGpkX2LjwMKFAQAAS3v/Hgmwg7sl5CkALrZsQLwnMFxg1QOJyVIObCXgAYLRK4hZjF+LjKk4JeOOW/K6cKR+IOJSDx4rC+7vSdYvsaYlbM0w/e5+nIqC8u7+t76VsCFOcdbfKc2DsslmpOypJ/7c2Ej33CMAozRmsktD3Lkh0VScIXnWZWK1cg1K7KQIm7Aj3XPZeTBQVbLadXkEScDh6FP3h5spGIPUmAoZ/UR2cq3YWnNXDNSea2047pajd6OEWvFw1IU4Rrn5CyqPXaNOilxharTo39PxypGTEhBHQgjJevmfgcwv/To7aPwD/DH0hZu8z24XkF21ib1FwJlZULU53ssGbwrlVZcudym8ErBzHyhOZiXT/we75+OEmw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:05 GMT; Max-Age=31536000; Secure
bm_sz=FFBE04AA42E281B481359D988AEE247D~YAAQjGpkX2PjwMKFAQAAS3v/HhJ5yZ3r8T/P4FDjxoT2qO/YLN16H+dZ0Z8iRjHLDvUHPZYIAx/1/IKj9BMuzCI5DjxVygqIE3hobydr0kKB5wjR1Sqz4qE6mURksAALCeTW3gXS4wX6Qg0GZdsqhSOA+GOpdzrQrER/RWVn4o4wSt+a2MOhLWk0zImDijdIO6GLUMA93FQl1hc4wWVFwdWjbNJ0DHG4XWYAFJ00oKzcJ4uwJ2LsrLJ5J/747aUqoZ5NW/B89fstVJ5vMgCg/nXvrofPqxA1N8RzzHA4AttbIVr2AN2N~3556147~4272951; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:04 GMT; Max-Age=14399
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b8_VM-ARN-01XDr43_7132-24671

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8a41a6e5225635ecc02de9eabd9a472b
585d12a70f821899fdfad9c09cc87fc46cac9ea0
997fff4ada3bc79630777b4f847861230bb5ae6c58627220d8ef2c693bb92cbf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 13:42:56 GMT
Expires: Wed, 08 Feb 2023 13:42:55 GMT
Etag: "585d12a70f821899fdfad9c09cc87fc46cac9ea0"
Cache-Control: max-age=305869,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794790643a490b02-OSL

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128%3A1&_cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc&pv=2&f_cls_s=true

23.36.79.9

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128%3A1&_cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc&pv=2&f_cls_s=true
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
197d8dfceb375bbac4729f29bba5ea48
4624bbab2b90f69e7aca7217c128a3fba28ef6cb
eacbb38a2c2400bcc5a529c80901e3e726ce3c6b28a85dc9489836ed4f26e4d2

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128%3A1&_cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Set-Cookie: _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; Secure; SameSite=None;HttpOnly;Secure
_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!F199mPdBE0HIO0x54TfMmyz5FQ342d5p9Fc5sYqTRmbusD0fihqMg5Frq768ucFj5VopF8GaED54QxA=; path=/; Httponly; Secure
DCID=rd8RgeMUtsT2Nh8vHcVG6g3BYYLxT4ENXO4r%2fps+PKo%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1

95.101.10.120

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=E76FUz3pw3bhRZdmx%2fOxBw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js

23.36.79.24

200 OK

569 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
C source, ASCII text
Size
569 B (569 bytes)
Hash
33fbe3a2d69cddef6e4a946096d516c6
5dc02187efd63f59e7747024016774a9ae4046bf
5afe00e1770197f51923e187f09f529db01f0ad8a3f245b2e9b571446e364fe8

HTTP Headers

GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 569
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=YZyhX1jQtKdbnQQWpzHOftHGQvsx2dwspyKfAVdGCKkTDa6mdIYJjo23rJz28wyv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

95.101.10.120

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=FDrTdyt8RAh8OCv5p5Ywpg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153

95.101.10.120

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wPhzqwSJVeL8TMqBrGKrRA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569

95.101.10.120

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65507), with CRLF line terminators
Size
45 kB (45055 bytes)
Hash
02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2fWjDKNFOvT3jyJ3tOXvF%2fg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css

23.36.79.24

200 OK

23 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23136 bytes)
Hash
1f394d5e622516de8455a0adad3ec3a4
6ea419e3813723cbe7bb8e2b1a55007c27de2cf5
f5e90651778c28c44a8527a67cf1e6ca98e3f444079e453f4005558e66437e2c

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23136
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-5a60"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xE858WHMBZvPg0p7VfY++Q%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css

23.36.79.24

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37102 bytes)
Hash
1524d2feddb5b31daa9fe7c4fcb562b1
45717724083119d92a3e2e5e7b65724ae0333b84
ddb56ac96f135f1dc6eede90348813730b1a2744bdd3e5f20443dbc6010820a0

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4CctfAEwROSJZmR4OzIHXg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
de061a858052c7286918b3dbf82d2d66
6c550208d9d2c15ce37352bf0f784544d251ae00
e51caf316c3aad61c76d82e56a506e3e31b4462999006d65b45bd6ff5285c03b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2987
Cache-Control: max-age=155407
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:05 GMT
Etag: "63deaa1d-1d7"
Expires: Mon, 06 Feb 2023 19:45:12 GMT
Last-Modified: Sat, 04 Feb 2023 18:55:25 GMT
Server: ECS (amb/6BA8)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343248&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251734-16%7Etcm%3A91-223657-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343248&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251734-16%7Etcm%3A91-223657-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343248&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251734-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=P9sZy8TAERLDxlV88FXnR+yj3d%2fIR80AjNX539eClP84mUPyw2kXAQWiAh2OKsEa; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7140-60104

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js

23.36.79.24

200 OK

3.6 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (7300), with no line terminators
Size
3.6 kB (3646 bytes)
Hash
529a7c0a23255dcba4b28d93223b1baa
d42dccc998c4ef14ccd29ac23dad922646aff36f
efe09028974baf21caabbc06eceea0e8b01d1efd9102f7985743241f6cc8abb2

HTTP Headers

GET /accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3646
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Q%2fQGmSR46HjG30Y4aZm6VRxj0G4Dz3FamkyBcYnZsu8%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343227&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343227&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343227&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BODBtgLr5XhwSmmbI+D27TQ%2fnthQoI5hyq92d8PB9BM%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7132-24681

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343251&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ent_collegeaffinityrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251734-16%7Etcm%3A91-223657-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343251&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ent_collegeaffinityrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251734-16%7Etcm%3A91-223657-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343251&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ent_collegeaffinityrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251734-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=OoagqZ4KH69+X8e8lyoIrOpQtQRAo28Y8DwluDpEd4E%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7163-52347

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343240&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226512-16%7Etcm%3A91-226306-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343240&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226512-16%7Etcm%3A91-226306-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343240&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A283-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9E6NzNzNnKepaqwxFLg5gc0XJpz5+UgGHbrVoTVe4Uk%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7245-36224

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343236&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-224274-16%7Etcm%3A91-223647-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343236&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-224274-16%7Etcm%3A91-223647-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343236&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A283-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KOnYD3+yG37NndfoI60afJo6eVs2kCEMsR60oz1c+nQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7130-56161

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343245&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343245&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343245&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=wkyKIYXvd%2fAYTxPZZ+hozQJ37kuowSJoETE35bZ6FpfaUkPHw6JWLXC6FSCjMNtj; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7190-28294

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F?

142.250.74.70

200 OK

331 B

URL HTTP/2
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (581), with no line terminators
Size
331 B (331 bytes)
Hash
1c691bd7f921685e8c0c46fe60cc24c1
9f199394efd1767f903e29cb0a5b5845f057c3a7
b8ce62bf9759fd70a2962162158a9395197f3a531ac509029539ecb5a5e1c13c

HTTP Headers

GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 00:35:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 331
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2023 00:50:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343257&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A542-228930-16%7Etcm%3A91-228643-32&promoSlot=1

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343257&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A542-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343257&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A542-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=kSXHM7idHRXnsq5wWA4Bb99J64BVfqcZQVs6%2fBkPKYH0wm9xHvh3%2fOWsXmZAwj3E; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7132-24687

tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005

8.39.193.5

200 OK

266 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
266 B (266 bytes)
Hash
a671bc4e541aadc71fd7812d93af15e7
3b8c76ac113e54f3d413e09807f3661c72d0f6b5
ef16255038c7c5847295c3c434243418d898b7b40a9095aeeb65e3ddb7579383

HTTP Headers

GET /tagserver/nuanceChat.html?UUID=WF_10006005 HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37859%7D%2C%22v%22%3A3%2C%22vcnt%22%3A18%2C%22vtime%22%3A1675555249587%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "+6ZNxP/6RTk"
Last-Modified: Wed, 18 Jan 2023 03:46:28 GMT
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 266
Date: Sun, 05 Feb 2023 00:35:05 GMT

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343268&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A704-242185-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343268&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A704-242185-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343268&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A704-242185-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9sPgkgfhJvoC5Qt%2fKaYh6j4STX2Z5fw1YLShy5dE7ylTPgWeMC+%2f2pVN7JipuBsA; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7130-56163

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

23.36.79.24

200 OK

152 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
152 kB (152501 bytes)
Hash
6b72dc81b90de01e890d08b6e708d868
d0ed602fafe6bfc42ee07f8671fcbe086ba8cae1
357b04a401422cc6715bc915a2d04eabed496d3af87c5cf3ea697e601ebf5eb9

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63d032c1-172f"
Last-Modified: Tue, 24 Jan 2023 19:34:25 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 00:35:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A8d7_x6GAQAAX3UcbEjTt9oUrsamet8wM2B0agRO19H94Aw8tzbdewyWIsPLAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|81b7f85c0aed32d8c1528cb38f95b0153afdc7c3; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=2hTdbrrkHQySMKQGvyLl8Od9HPrpunUCpbWAFhi4UYQ%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343271&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_carddesignstudiorspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A704-242185-16%7Etcm%3A91-228643-32&promoSlot=3

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343271&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_carddesignstudiorspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A704-242185-16%7Etcm%3A91-228643-32&promoSlot=3
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343271&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_carddesignstudiorspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A704-242185-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4+DHdcOlrZujv3j+PXh1P0z+ic75akt1cHUlESL9YWJa6+3%2fbbFR1nYqNevjAVf3; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7190-28297

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343260&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A542-242226-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343260&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A542-242226-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343260&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A542-242226-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=JIYv0NkyspYvuSOuh9enTnH+9kQCLNX3COhjFmVftJw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7163-52351

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.wellsfargo.com/tracking/ga/ec.js

95.101.10.120

200 OK

1.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ec.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=5rOqUCGTeJNHlhT2qPpbdQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.wellsfargo.com/tracking/ga/ga_conversion_async.js

95.101.10.120

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
95.101.10.120:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=A4pMsLuHP%2fjFeE0O+n7yyA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343254&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A542-228930-16%7Etcm%3A91-228643-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343254&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A542-228930-16%7Etcm%3A91-228643-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343254&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A542-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=FNP1aAE3IonLmmno25t+dEnvmAEyNcKSLB%2fWWCe9YEw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7140-60108

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1&_cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc&pid=58ddb369-f5c3-4639-a118-e7b548f51279&sn=1&cfg&pv=2&aid=

23.36.79.9

200 OK

1.1 kB

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1&_cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc&pid=58ddb369-f5c3-4639-a118-e7b548f51279&sn=1&cfg&pv=2&aid=
IP
23.36.79.9:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4922), with no line terminators
Size
1.1 kB (1075 bytes)
Hash
4cdea2f7cfb54cd1e609c2fdfcecfd3a
a440ecdd4433c09dc7adfbac5e23d36f728d1626
759f9114baddfd4bf89ba879319b607746038bba45aeb5652763d79d03538780

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1&_cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc&pid=58ddb369-f5c3-4639-a118-e7b548f51279&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 4059
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Cookie: _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1075
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 05 Feb 2023 00:35:05 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!L0BmiLN2JXC5ItQq/D2JHXmrrcNtC/TSq9VPLYnFrfRyyCiRynxhG+Vm+oQpFUbnRf3nzfG/2Jqipg==; path=/; Httponly; Secure
DCID=eXwHOCVPHArVaieC6tiboWhREO094TbMKKe2SyxmUbbu5DwNviY3ykVyPm98mpoC; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F

142.250.74.98

200 OK

331 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (580), with no line terminators
Size
331 B (331 bytes)
Hash
e0112bcb2262cfb0edda0d967923b34e
75c4fc3151802ef0d4971972725f22250be14573
d1d120931127a940f7f01026bc79b1f77e7a0b5cfd3323c41dedc47a61bd3c8d

HTTP Headers

GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 00:35:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 331
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
923a28f79514319b2f16e8f52fee3370
14b089fc7e2412fe7a6823f5b4d8bea8669bf755
bb7294772c5d35f2470c02e3236756cde7ad1ddeea465333d906a87da7ee2594

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 744
Cache-Control: max-age=144122
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:06 GMT
Etag: "63de86cc-1d7"
Expires: Mon, 06 Feb 2023 16:37:08 GMT
Last-Modified: Sat, 04 Feb 2023 16:24:44 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js

8.39.193.5

200 OK

5.9 kB

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/frame-bridge.js
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text
Size
5.9 kB (5926 bytes)
Hash
0ceb2e3aaf3130b64517eee5e5583179
49fb8fbb16b1585e19a8911f59cd7ea234c5b607
9d486489da6c1ff7c439641bc384a2e0c9e4da32c2ab73f71d1fffc4bacefc5b

HTTP Headers

GET /tagserver/frame-bridge.js HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37859%7D%2C%22v%22%3A3%2C%22vcnt%22%3A18%2C%22vtime%22%3A1675555249587%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "+YmUhczVC0A"
Last-Modified: Wed, 18 Jan 2023 03:46:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 5926
Date: Sun, 05 Feb 2023 00:35:05 GMT

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

970 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Size
970 B (970 bytes)
Hash
3a784d1f27d01acdc49eb2201ff70b84
9b8c952a72e5ea29f2480c4f72d5a2d632f64172
8398d50896962a83bf6517c876457eec892cddba9e97f486633fd3b120f99d58

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Content-Type: application/json
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Content-Length: 264
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:06 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-e8e23094-4479-40b4-826f-2f3b9b491582' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:30|g:54298384-1e25-47a1-a8cc-8f210094b671; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:30|g:54298384-1e25-47a1-a8cc-8f210094b671|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917|e:93; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=404D91C76762AD5C30155ADD4761837D; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 00:35:05 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230204163505435506957; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 00:35:05 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!1Y1mhqtZxxlw0DjC7cC95KsSl62XUZuPGo8um9tLakj/p7oiCsc232hj78GcGRLZs9WdF2Irqy+1Ias=; path=/; Httponly; Secure
DCID=puvnplKutyxiPxAOks4VwQX84+MEqFdsbsAnPvw3rIn16t6YRPb2ytGmvgExcoqK; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
_abck=F19E9B1270B3C61B47B13A95D923B4DC~-1~YAAQjGpkX2fjwMKFAQAA9X7/HgkB978fc6npPZ+Z8bMzkfxNH90n9e7q0ibasJ9Iso0mCbhpfIJcwmatsgbXPrbS07JbB8JLQvV1iXZTsCywAscVUGe0jrShSSrMbuMACETx49+F7mhmJeeX0Phegh5OyNq/ybhVW+CfWE0KWksdJAfUkBpt0NXwNSXKnRhxl+DdxUOjh5rLpQNBy2ZXKrFcvbyFsuPTjBRqyMlftxTc7hyKgsiaV3HAJ8lwtwoLRQI1ygbstmKx2jEhT4mM9SDeZQUl2/E38eZqzB30RZNeh9lXfCZzsUVCyzZ/mXcbDQGCinFaWufiwCrL3CQ4jrgGjtViOuEE4q1+V4NFgtqST4L2qKaQC5ducLkLaQ3C8A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:06 GMT; Max-Age=31536000; Secure
bm_sz=560017570BF53C8808604BC492AD795E~YAAQjGpkX2jjwMKFAQAA9X7/HhIsElvFsZnhMmZjTLavW0RsZpy1ouQWqTi75JYwYktUD478JTtVdDpA2mNqVhqLVh8QnQMYHhc9Ninbtp6UlPhtLcIq51T7q1Y1J+gjBsNDpmFldR2lIwbVmIdp8H2QeQsGXP9xuZ3hewGByypBY0dKuI2PZcuMv5HTZdVTTaCArdNyFreOn925Zq8KeTz+6Fe0l9e9PGBTeY1lok/+YELch1W1yXwUCVVNZBRY20MBqPMpSTWbL1q2FIj4YYIVxIvunzLljbPVqdiMaL5th23xd3PP~3682629~4534585; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:05 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7130-56165

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

23.36.79.24

200 OK

607 B

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 19:34:26 GMT
Vary: Accept-Encoding
ETag: W/"63d032c2-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sun, 05 Feb 2023 00:35:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=4qhLdguY%2fLzOhNemxgs%2f0gFN4GQ3JQ7uBKhkMMjkzQk%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

971 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Size
971 B (971 bytes)
Hash
befad98adeceb438ba61f2c748deacbf
4abaf750b0fc5eb1899df75f47c23d4fd0afd404
53634ea9510f92a8934a73482729843555d87482cc1122b73c135914dfe9c6bc

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Content-Type: application/json
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Content-Length: 264
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:06 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-76a0f5e5-55aa-4c3c-8cdb-d15a19812377' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:30|g:d7664864-7fad-41d4-b87a-2fc1ae6d769c; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:30|g:d7664864-7fad-41d4-b87a-2fc1ae6d769c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917|e:88; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=3DE596B03C282ACDD8B8EF0716D0BB84; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 00:35:05 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302041635051024601847; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 00:35:05 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!ltOwf2d/akj/8inC7cC95KsSl62XUcJrpfpHxLRAlFWBVF+UxEMb4y30EcJfXcvWwodmqvP56VRpcNw=; path=/; Httponly; Secure
DCID=PiRJqiWtw4sL8I9vAMfxEpqegwO8JksDpuV+y7zlVL8AF3EXkr2eR0nsaoV7Mx%2fS; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
_abck=0EB22EFA87FA192A72B3909CDBD6CCCA~-1~YAAQjGpkX2njwMKFAQAABn//HgnSrFn8gjK1OhsCF1wjgDo2wHi8zMSD1d1yXo+s7SJv8TSjPGFBL9ydqQQctO7UZzI7XI5tBhidHW74Uo69D62CdaT+YDjTn7QkKo3M/JLw+0Mv+5Jc75YjoWp1e6cSCBuFFvmljnPl9yiQGyRWSkz+oasDHWq/vE2AWrJNO5Dz+CL5hDXHcB3eIzDK9qrNJYYBhzBUBxNOMfZnyDGHt2iXZybmOY3J9ySAXmp6C2V/FAdUuEAMYRgw82Cp3jdlTH027FIXsrLNSflkBouwgpZ4606doMQIy19L41pi2RimKmmmfwRng7FGmnA/T6Fz9Ex4wGEDc8zy0b58DSOi4FSBgzl29owbbKw2qGHAmA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:06 GMT; Max-Age=31536000; Secure
bm_sz=01A1CEF374C0B037BC586351EF96E471~YAAQjGpkX2rjwMKFAQAABn//HhJsd3jVZsf9iF9rXFJxA2q+l6zEBaS4e7+4FVF+cCnk/Sue88RYH8Odutljb3mBX5C8xLhUdOFiEU77ZSbYH7nr240qb16+vk2FuZbEqHAda7SVM1StEfu5liQUcDRviRlCvAzhuN4k7CK6LV1WYuNo/fkSLvGjNT98ywsAaUpH3xmpWgPC7/uHImct5egpndyLVYPdvjGQdUSm1R1O/vXdX0MI5KOEOr4wjaHOmcderLrxkmxpveBJX248DxXs+KWYHgo3nB7Fs09tTw7i4fqRGZbV~3682629~4534585; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:05 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7245-36226

www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

972 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Size
972 B (972 bytes)
Hash
13dad1af7fed76c2cf8720190ceebd6f
ed9368e14a8d3b15d3da2cf08acae9b98868ab19
e4a6be59470656dd3d1ea9067de800881ae3dfb3d0e91299c52b554bbc216fc6

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Content-Type: application/json
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Content-Length: 266
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:06 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 972
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-135057be-4335-4309-b57e-aa5f0a356df2' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:30|g:ae04e4ff-c5c0-4a7b-8ad9-bcaf87fce7b2; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:30|g:ae04e4ff-c5c0-4a7b-8ad9-bcaf87fce7b2|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917|e:88; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=7B35509730ADC9ABA8DB350F9E0849A4; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 00:35:05 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230204163505212393219; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 00:35:05 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!izgDBgOKQ67cgCTC7cC95KsSl62XUa4xKQlverLm8xQqCEK6zNhP3IUYb57vmuAMF67A+ijGED+5+lY=; path=/; Httponly; Secure
DCID=Paf6z8Fw4MZFu+SsGBQjB8tGQcLjT5GA55BArR05FrlyeTaHOlHSz1nWr6pIKixD; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
_abck=D15D758C15A1773057522C1755E789CD~-1~YAAQjGpkX2vjwMKFAQAACH//Hgl1don1FCNZ7cRn95/zX+tSv3ct69A8rx304lWcRD5rODD9ZRpnjJSvBWbZcuAUZ8RQxPF1XeYt6KJZX7NUU1s+dLwauW/zYKZQmRzZsHjBy7dm8gQFZCirVHXBRUEJdx4z5am3T1Ac65qMrVcBKK/2F2DBcwx3fxas8PA07QUnQSvZGGHs+2VYbDZfIhfS/1aj2Ws/9GhmfXwDbHis+UvQ75IQkSvW1gg4lK8k0M/UxmS3MothpRLf6RPgCvy/YyHGztRUOcek0eeOo83Vyp1A6V03pQ7cmFYndtgQrZK5qyn6jowSrYxwT1tUKrw5+E5LPE0kgniMbvKDl7F6+K3NtpUhkN3o1TivNMINSA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:06 GMT; Max-Age=31536000; Secure
bm_sz=448E3AD4BBCB7E2FCADE9C8EAD279DA4~YAAQjGpkX2zjwMKFAQAACH//HhJSO6fH8cIzR73xzNpRlk+AcN00kwILcXYakQBryBzo+JoD5u92LNIvtJ2QpvSJp5pNjEj9Vern2/4LINgeDdDxhGvDZU1H/kfM/effPdYg1uK0HpU+q+Nnz62rpS8OkF6L+ZPLegi+5ZpmfjsutdHvQveYI5RVLTgyuwfvf2KHC2FhvDjOvwiTSOfuUJ7Bu7bNv+enwEWFySWJOLWcPb+Ms3AuJq8oWSUKFShBsgMRG4d7EZKHJaEe3gMH/Ps9CNKPYJJYg1c2q5wNh5OXmH5yICbW~3682629~4534585; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:05 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7163-52355

www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343275&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228918-16%7Etcm%3A91-223671-32

163.171.134.56

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343275&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228918-16%7Etcm%3A91-223671-32
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=703-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F&cb=1675557343275&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228918-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 00:35:05 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=n1DlViQSmfiWsLUD4W6NigmI8RwxJ21iXO95rgnYp9qZRuaDkYTG5H6WnEKLwwYd; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7132-24689

www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.134.56

200 OK

970 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2445), with no line terminators
Size
970 B (970 bytes)
Hash
332b06d6dc9b3d49622931db6f1920b8
fda9a0aa4bda3d55d01a7612ac90704666f2a79f
24fd45c152b6b1ac068cfb1cf086f989cdc35ed53ecd2e83673f861f87f4e2df

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Content-Type: application/json
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:06 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-7ff890ce-82ea-4954-8f6d-9fe824f48d3c' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:30|g:8bd11bf2-57f7-4b83-92d8-ff77a2939c6a; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:30|g:8bd11bf2-57f7-4b83-92d8-ff77a2939c6a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:30|i:206917|e:99; Expires=Sun, 05-Feb-2023 00:35:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=7CF925CEA9D068E2D2CB51F2BFB6CE0D; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 00:35:05 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302041635051576436251; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 00:35:05 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!1KPCrkXMt+hRQxbXcg3V8rzrEPW+Gaozwacs63ad8I1JAniyCTd+ZDXP+QYcAr4bgPglkoHk/h52Y6g=; path=/; Httponly; Secure
DCID=jx%2fMpnKIY5YZV3Da89ipwjJNpbO+P5hVulcRU73naWgoa5nCk2GzxbE5LKTGH7e1; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
_abck=13CE9B60935E1685E16E2FA120570581~-1~YAAQvWpkX1gpZ8WFAQAAM3//HgmGnDl3Gf/lHt/cw5GFFQho3UQm7VB4P14dnRAkq+22rZg3AeqFSYe222IXtMqU2ai8GlF4dZ5GE+lPsXFL6ykqP+eXgJlW9a/eT7xVxIgn91kqIPS24YW2SbHlqiYhL7K0LAJ+qBG34i9J3VKogAqGa215d7r26LyU2lCzskNtBV0uRw9ompoqFawLjcdwG4R46ofGDmuFM7dNVvq06Y352IJq/lRJ0y+i5QIIfHLMq31Dc+Y8VGgrJVVB9PuterOm9nm0OtQ2PoWbp5lTXtmkOedb7Y825dfNqaMVU3LeC0Iz45JgzeREcURqm/NFEUizy4cwmOAjlNYq0dXxE1DZxE/0nxJP9RsrWQW0qw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:06 GMT; Max-Age=31536000; Secure
bm_sz=B7DE0977A34475F9D094022C6EDFFC2E~YAAQvWpkX1kpZ8WFAQAAM3//HhI1wqdVpSf7CPuAIgP3aFn/uhJ7/h5GuNnA/e6qlCcQZ8v3akYM8/V/pahBxXQ4SRkNeoNkPTFccmPKJcpueuIF6r3B0Rp9+Lc6IP9k/4LjBTFPD8AaRSAV3+jOJC1GICbZCBaP9uwF0TADh/DPndNyzscJtnP3lPKX/xglVrlvqFRALk7G2TmY9Bs6ZzN+uCezQFypqsUVNEuRuwcoL6S72UTtgFlR/iUByoVnHgtvZsbkA20WZoSWMjVnTzAjzQbF85N6kxFDYO44mvPidtgxBe7H~3682629~4534585; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:05 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9b9_VM-ARN-01XDr43_7190-28301

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F

142.250.74.98

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=6206272430215;gtm=2od8g0;auiddc=61449811.1675555243;u1=1120230204163503127905435;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1468159124.1675555244;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--t249329d48d6c.wsipv6.com%2Fes%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 00:35:06 GMT
expires: Sun, 05 Feb 2023 00:35:06 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 00:35:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk

8.39.193.5

200 OK

2.0 kB

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (1087)
Size
2.0 kB (2006 bytes)
Hash
787c2eaac73a20043fe07217d36ddc13
ff01a5d9a3e61f191b8e350780615e9c10058a74
348584c41c564866c9dd8cd3358d7ae006c8cb5932d503d8cf9c80ab8563e035

HTTP Headers

GET /chatskins/launch/inqChatLaunch10006005.js?chatVersion=sdk HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37859%7D%2C%22v%22%3A3%2C%22vcnt%22%3A18%2C%22vtime%22%3A1675555249587%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: no-cache
ETag: "DmIjl/705ZQ"
Last-Modified: Wed, 18 Jan 2023 04:19:48 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 2006
Date: Sun, 05 Feb 2023 00:35:06 GMT

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

52.35.53.194

200 OK

18 kB

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
52.35.53.194:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
18 kB (18015 bytes)
Hash
bd9bb2bab8ea44896227901d778e5159
26c24067909759eefd383cbd53ce1edf2da5b06f
9a6f5f3dff8a04870f605b0169611ba9b5c021cd04d805898df6e854dd57cbe4

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 00:35:06 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/AIDO/glu.js

23.36.79.24

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37091 bytes)
Hash
fc91bf1eb9d01e720848efe478db6a09
bf5503a0cc63ef635b889332d2db46262c6e8d9a
2baca6a61a9f5fe73f860abc590dabfacf1d093c0ad6c60ad9c399b1046f97e7

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37091
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 00:35:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=z7OGFWSGbdire6GyauVju0zzA6OElLvaDF2IvLjc0pc%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.134.56

200 OK

128 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
128 B (128 bytes)
Hash
bffda19be748ccb0416394543d2aebe8
1a988107034a9db42901c2ae551ed5904b1ce19e
ce4c76a47f7ade3614988dc0329e1f77bcc8d3a2a328c76a38c5c1db029ad6ed

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2044
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=431927109; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!1KPCrkXMt+hRQxbXcg3V8rzrEPW+Gaozwacs63ad8I1JAniyCTd+ZDXP+QYcAr4bgPglkoHk/h52Y6g=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 128
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 22
X-Akamai-Transformed: 9 164 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XxM20vC5M7QMLKPdrNIzkfHUQwxaNKxubgBJHKhWo8h2QKdO+4fiPr64oHz7RIHg; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:06 GMT;Httponly; Secure
_abck=169C07CB08CE2B02352283EDB9D57605~-1~YAAQjGpkX23jwMKFAQAABYL/HgmHg+O3T/QkhRbFkedRuql/TQP1SGNEjxaNaDfVRiLbIzku9Cm9BwMLZbzXBb+s3FTnpWbLeDvSc47gY8OcP+/Mf0TJHdfn/QAKij432dQkJmFAB+9o6z2L4flqylERoz9iYN//ke49IXEwt5xpHhEI547Ni2WZBpVi4Tp9xELYRDgOOHjFk4KTsOgqTjm+zxVRS0n+zbYNq1ybDATDmQJ2rHJZwDoYK5ym6XtroIYtO5Mw8+qtbN4gXXo2mEdxX8HR1E8e5HaE0YTLTQ8U/4eBxDWOOwT9djkh3cXGd6vJoY/X6NmqL8sak8mCRnVtjph4CEGKJl8UARUF//epc4DfM4WX26p0B43N0YrFCg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:06 GMT; Max-Age=31536000; Secure
bm_sz=B2A1386FA9CED2A068EE524D7A14EAF6~YAAQjGpkX27jwMKFAQAABYL/HhJzujLnCYQS1naOENDoAViky4MXN8tNm6cbpTujWVgbAEcCmiHwc9u5a1/Wxz/b7erlQOIFe11d+MFZUPTbya0iflByzV73DIIVvbPyuG6P92DgTHw5jmdrs99Yppv6qSMUrBlDhxrsKNT2vpaXrVjTufca1U8NyOGJY9surHARAnIcp3PIDwSfHQLm7ZSMv2aw3+SrGbH3VUj3QSre6eVZY/6/E1dSxXwGUaYMd+FpnzFBnhlGEx6MtphFxqL4DNc7W7m5ZxP2L1dc391sPwdw9xxY~4534342~3158329; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:06 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9ba_VM-ARN-01XDr43_7132-24711

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.05585195599527393

23.36.79.24

200 OK

51 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.05585195599527393
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (51138 bytes)
Hash
8f858a152681af647b1ffaca9a5645e3
7262f9d91bfcbf46e5c0cd3a8a907a5edf937ddd
949f5effbcba958126c1d0d30065389314e25ad6bcf6a116f94aa69776a444ce

HTTP Headers

GET /PIDO/pic.js?r=0.05585195599527393 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51138
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 00:35:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=W8jWeSnVgsJgGBr%2fytMLRUQXiMoZ5d4E+hOjbmpqFuY%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273

8.39.193.5

200 OK

2.3 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/sdkChatLoader.min.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (7108), with no line terminators
Size
2.3 kB (2292 bytes)
Hash
69248df2e4cd19badf361961108eec5e
86054d9394816797a159f91274bf9c97033a9024
4879bdd8f9d0bd0597e5df3170a4164ca2ca3aaab294b91dd49332db9d36f290

HTTP Headers

GET /media/launch/sdkChatLoader.min.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "6Cu8yUJ1UkL"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Content-Length: 2292
Date: Sun, 05 Feb 2023 00:35:07 GMT

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js

23.36.79.24

200 OK

151 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
data
Size
151 kB (150779 bytes)
Hash
ae71fd5109f6e3d3b999ac7046747304
d3209b0a4d4a77e7fac8426406cfcedd637598aa
cd6668cfabe8dfc13422154b3772e4cab4adc2cf828af2a7c24a6226a0498416

HTTP Headers

GET /accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310941
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-4be9d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 00:35:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=HuKG3skFItXTkIMcXxV8hMrP%2fyWj84b7e7+NLMOVJzE%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.10431191855408595

23.36.79.24

200 OK

149 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.10431191855408595
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (149096 bytes)
Hash
ec14578361e030f4a98ee9c874675f59
eb9004b563e32370c62530afa225af1a3122e375
5beb6def40b299a3f6d7846865adcf0264fea2f2386877232d06fd9dda041274

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.10431191855408595 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 149096
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 00:35:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9agZnZ1tlemDKR%2fXL92KiINRauQBh3ky6+uzNkRMbAo%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

52.35.53.194

200 OK

35 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
52.35.53.194:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 15093
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 05 Feb 2023 00:35:07 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:46dfabd6-b26f-460d-9580-a076d78795c0; Path=/; Expires=Sun, 05-Feb-2023 00:35:37 GMT; Max-Age=30
ADRUM_BTa=R:55|g:46dfabd6-b26f-460d-9580-a076d78795c0|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sun, 05-Feb-2023 00:35:37 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sun, 05-Feb-2023 00:35:37 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sun, 05-Feb-2023 00:35:37 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:4; Path=/; Expires=Sun, 05-Feb-2023 00:35:37 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1674015550273

8.39.193.5

200 OK

32 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_helper.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
Unicode text, UTF-8 text, with very long lines (59866)
Size
32 kB (32436 bytes)
Hash
d37160d20ada9de097bfe1059ac0d098
f83084b91d72fa47ee334af8cdb6fcc2bb411426
71b1ae42106c2bf91f92ac35c1b310131c5623be24e748c4b6776b1f053dab7f

HTTP Headers

GET /media/launch/site_10006005_default_helper.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "7xBH+KVvHIy"
Last-Modified: Wed, 18 Jan 2023 04:19:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Sun, 05 Feb 2023 00:35:07 GMT

www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.134.56

200 OK

265 B

URL HTTP/1.1
www--wellsfargo--com--t249329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.134.56:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
1424be9ba274aec1673a43bc702e7863
99348369083f63f9a0f744d55b6a15b38ba1b248
165624989f35dca857d3f6f38fdef0f1d5dd9ad2c3d354d775a3f9c372a6c2e9

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--t249329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/es/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Content-Length: 1432
Connection: keep-alive
Cookie: utag_main=v_id:01861ee001c40096679d925caeb800050004600900918$_sn:2$_se:2$_ss:0$_st:1675559142870$ses_id:1675557341705%3Bexp-session$_pn:1%3Bexp-session; _cls_v=68f09d02-7677-4f89-aa45-7adac59db7bc; _gcl_au=1.1.61449811.1675555243; _ga=GA1.2.1468159124.1675555244; _gid=GA1.2.1252100629.1675555244; kndctr_1BAA15F354F731E60A4C98A4_AdobeOrg_identity=CiYyNjUzNjE2ODgzOTI3MjMzNTMyMDQzNjE1MTgzMTIxODgxNTIwM1IRCP_k_fbhMBABGAEqBElSTDHwAf_k_fbhMA==; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C26536168839272335320436151831218815203%7CMCAAMLH-1676162142%7C6%7CMCAAMB-1676162142%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCCIDH%7C651932546%7CMCOPTOUT-1675564542s%7CNONE%7CvVersion%7C5.2.0; __ts_xfdF3__=637501376; dti_apg=%7B%22_rt%22%3A%22DQxUANEzwEPL8Cmqujal1It0OMajtRnB12Yv3Smsjaw%3D%22%2C%22_s%22%3A%22RhsEEsg15SrPT2mguiZtmH7%2BF%2BOk6x2m1H0G9QKFr4gf%22%2C%22c%22%3A%22MThjVkhzazVJbEE2UklKRw%3D%3D3kogrVUWHs1IBXHnDVxC1Rn079UJnytcFJ4xYgvbJmd5CL6z2Ekuf3zV3G1KyNWRUu4BnuzkW98c-Yxxz4gt99ZK2pcE8C0iKaE%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%2C%22fr%22%3A%221fmhktYu9kOr44NsYWwmKA%3D%3Doyr__co17kN1DMiFWbW5nW6bH0ygpDDL7L4cJWJ4ui_nM6__sv-gsgUR8G4sje1csrYPBEG7P1lgKhwGVRCqEYd6Whu7M0QRU2B-vzqWLkDyJbEdH-1eHpHQOLBJf5xD0ZWVctcndjpAn0BhcIBw7EI6bYzUM1cTxlG3uytJy07Guz5xbLOO86_t%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSY7Bum3HQH8Uo%3D%22%7D; _imp_di_pc_=AYfx3mMAAAAAiwdOqucr6tRLOyfjnJC6; ISD_WWWAF_COOKIE=!XaHyk24BrHTw9bpWmr5styL+atqHRwtbkYUJGUsohyJRxe3Fv5A3HPgNwVAkuUthwDMZn0o9dK34+A==; _cls_s=f30034f2-d307-4ef7-894c-4781c0f10128:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!1KPCrkXMt+hRQxbXcg3V8rzrEPW+Gaozwacs63ad8I1JAniyCTd+ZDXP+QYcAr4bgPglkoHk/h52Y6g=; ndsid=ndsaj1po1egedhldqnkxgg; LSESSIONID=eyJpIjoiWXlkV1dWelhqUjRTMndkQWpNeHllUT09IiwiZSI6IllBT1VkN1lQd1EwK0RDQWNoS1R2WCtwUUwzWlFrdmUzejlCT2NUXC84bmVnczFsQ3llSTJJTHhvdit2TldydmU0SUE2MXBYOEFUNkN1amdpWHpvbldRNUFLazBOeGUrbXV0N1dFRmt0RzNVT1hcL2Nna3BIcnNRbjlNRlEwb01Sakc5ZGt0dDcxTytLRXVJU0M4cldwc0JBPT0ifQ%3D%3D.70f626a6d80c1cfc.MDAzZDQxOTA0ZGI0ZjNiMDA5ZmRjMDgwYjhkN2I2NTc3YTc5OWViNTAzNTY5YTk5MGNiMzA4ZDY4YzQ1MzcwYw%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 00:35:07 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=u%2fMLfbUheB1yUmuQay+LSbpUSASszZ2q1dUZtqv4waPaqV6fzgv1k1G2MGQ8lhzb; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:07 GMT;Httponly; Secure
_abck=725CABB53B8B31958606EC6873FF88BD~-1~YAAQjGpkX2/jwMKFAQAAkoX/Hgl1GJvQMcSCfcBP5hhj+1SN6WuiWZDbwqg3dhdehAgZ9LGLYqRxGQvkqjikqJahVwgjKniGGNgBFFlUO2l0K2i1saMl5fxYwmkdJkisTU2EJCn0hUskt5Kra+I9Jk1093od6Ox3lvzEqN/vtL0lvP3T03xENBO0W0BL1Dd4B3R3sl95UaH9EZb8gQSz3kU89zFpD6i8s1XzBdBqDzFIFsQGFuckmD3kEvVF/Rr6zTISEzjokGvFLaot9IhR34CjqDa2tmilz5hOu9F2DAFNERM6s8s0LKh8F1Gmsr+QfPguJwM2zVHFXnvQxiWwPg+HsqnXDkbjFW2Fhzd9bCWPi37Z/wsDy9gLiVwXDZQteA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 00:35:07 GMT; Max-Age=31536000; Secure
bm_sz=D0DFDBD7245C98FD10C9C29DDD8CF290~YAAQjGpkX3DjwMKFAQAAkoX/HhIS2iw78scS+4MdCinP/vlWNGzP5kpmENpibZ0oxLZhV4ScYf20b/i+Jkou+Jshmq1dGc8UdL2LVS4dsHQpyHWvxez35eKbLdpygsmOYaF3HN0ihbogBVcXY5Va21M08wOP9cJ8JlBKcMs9/MHPNQDwBn4KILgLJobIrkgA4eLq/YmgHvz9r3Em5gw+kTwRIP7csLU6E5X5H4cRXLZ5aVTdO7loHz5dIStTQ4Levta39dD+U/dA3O5eo8ee97FOvyRNyRVMbQBa8Zjx/FkiX/FzrtQv~4342082~3356217; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 04:35:07 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63def9bb_VM-ARN-01XDr43_7132-24722

media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273

8.39.193.5

200 OK

26 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (5905)
Size
26 kB (25928 bytes)
Hash
e29cf9b589cdfede37fe89e48b01fa3c
07b00bf2034a4047e44acfa6c0f91e768e888026
8a9e8fb783ee16760d24a6d5232b441a855565f66437eb696e0396ef950940b5

HTTP Headers

GET /media/launch/site_10006005_default_jssdk.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "D0yACs/3act"
Last-Modified: Wed, 18 Jan 2023 04:19:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Sun, 05 Feb 2023 00:35:07 GMT

media-wellsfargo.nod-glb.nuance.com/media/launch/all_10006005.json?codeVersion=1674015550273

8.39.193.5

200 OK

139 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/all_10006005.json?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
Unicode text, UTF-8 text, with very long lines (327)
Size
139 kB (138822 bytes)
Hash
94471e930ecccb9ab022d921c615ee85
ee117009fbdecde41694b5979e2483d29dcf9adc
004c8e06ea86947a1098505eb2eabfe6631907a7bfcdf74ab8d2e54d3dd8a158

HTTP Headers

GET /media/launch/all_10006005.json?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "9l+6MXWqmIf"
Last-Modified: Wed, 18 Jan 2023 04:19:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Feb 2023 00:35:08 GMT

media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273

8.39.193.5

200 OK

136 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (136175 bytes)
Hash
59e567c38c35acd8b88471a66cdc80a3
d0479127e1529468017258a6f4464d2ecdff445f
b166b99ff9c03efd887510e4aa8a8491e5bb9992da38c2af2c46b3cd3838448f

HTTP Headers

GET /media/launch/tcFramework_jssdk.min.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "G5Y6vw0fr2n"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Sun, 05 Feb 2023 00:35:09 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273

8.39.193.5

200 OK

6.5 kB

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
HTML document text\012- HTML document text\012- HTML document text\012- Java source text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (807)
Size
6.5 kB (6470 bytes)
Hash
92c92a14d7348502d53a96ffb124e505
541bcbda5db19216712a37552092329b09a6301e
9f86b1cce23c8debd8f30ae3d4284689d83fe289f2e006e623e62eb0f90cbf67

HTTP Headers

GET /tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273 HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/nuanceChat.html?UUID=WF_10006005
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37859%7D%2C%22v%22%3A3%2C%22vcnt%22%3A18%2C%22vtime%22%3A1675555249587%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: max-age=3600
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
ETag: "AN7QOU24IDr"
Last-Modified: Wed, 18 Jan 2023 03:46:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Content-Length: 6470
Date: Sun, 05 Feb 2023 00:35:10 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/init/isTrustedDomain

8.39.193.5

200 OK

0 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/init/isTrustedDomain
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /tagserver/init/isTrustedDomain HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37859%7D%2C%22v%22%3A3%2C%22vcnt%22%3A18%2C%22vtime%22%3A1675555249587%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Content-Type: text/html; charset=utf-8
Content-Length: 0
Date: Sun, 05 Feb 2023 00:35:10 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/init/initFramework

8.39.193.5

200 OK

212 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/init/initFramework
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
JSON data\012- , ASCII text, with no line terminators
Size
212 B (212 bytes)
Hash
356cd7d040649a3149b3653a869e976f
52c188ea5cd7aabd528354934311856e1ab160ea
b84b5bca69de6b420e8015339b5da68b847f53ca1fe46afb53e3fd03c8515676

HTTP Headers

POST /tagserver/init/initFramework HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 181
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37859%7D%2C%22v%22%3A3%2C%22vcnt%22%3A18%2C%22vtime%22%3A1675555249587%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Content-Language: en-US
Content-Type: application/json; charset=UTF-8
Content-Length: 212
Date: Sun, 05 Feb 2023 00:35:10 GMT

media-wellsfargo.nod-glb.nuance.com/media/launch/ci/InqFrameworkService.js?codeVersion=1674015550273

8.39.193.5

200 OK

92 kB

URL HTTP/1.1
media-wellsfargo.nod-glb.nuance.com/media/launch/ci/InqFrameworkService.js?codeVersion=1674015550273
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
Unicode text, UTF-8 text, with very long lines (39886), with NEL line terminators
Size
92 kB (92513 bytes)
Hash
4aa18006012fd1607c61ee057d338075
01e01b5ae8f170f65fb4cd56c1311ea65ec1da2f
7ffdb6e298ff49bd4f8f663cc10801a074e0ac55a6ae01ced74951dd385efeae

HTTP Headers

GET /media/launch/ci/InqFrameworkService.js?codeVersion=1674015550273 HTTP/1.1
Host: media-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
ETag: "66K7NpaQ3Wx"
Last-Modified: Wed, 18 Jan 2023 03:50:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: application/javascript
Transfer-Encoding: chunked
Date: Sun, 05 Feb 2023 00:35:10 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/logging/logline

8.39.193.5

200 OK

43 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/logging/logline
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

HTTP Headers

POST /tagserver/logging/logline HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 259
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37971%7D%2C%22v%22%3A3%2C%22vcnt%22%3A0%2C%22vtime%22%3A1675557348637%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675555249579%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22tzOf%22%3A28800000%2C%22auu%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22l%22%3A%5B%5D%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A2%2C%22cB%22%3A1%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22_ssID%22%3A%22-43126497837718899571%22%2C%22rd%22%3A%22www--wellsfargo--com--v949329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675555249578%2C%22C2CM%22%3A%7B%7D%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A1%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675555249571%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Access-Control-Allow-Headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Cookie, Content-Length, Content-Type, content-type, Depth, User-Agent, X-Requested-With, X-Protection-Id
Access-Control-Allow-Methods: OPTIONS, POST, GET
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Date: Sun, 05 Feb 2023 00:35:10 GMT

tag-wellsfargo.nod-glb.nuance.com/tagserver/incrementality/onEvent

8.39.193.5

200 OK

0 B

URL HTTP/1.1
tag-wellsfargo.nod-glb.nuance.com/tagserver/incrementality/onEvent
IP
8.39.193.5:0
ASN
#54396 NUANCE-MOBILITY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /tagserver/incrementality/onEvent HTTP/1.1
Host: tag-wellsfargo.nod-glb.nuance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 339
Origin: https://tag-wellsfargo.nod-glb.nuance.com
Connection: keep-alive
Referer: https://tag-wellsfargo.nod-glb.nuance.com/tagserver/postToServer.min.htm?siteID=10006005&codeVersion=1674015550273
Cookie: inqVital_10006005=%7B%22INQ%22%3A%7B%22custID%22%3A%22-4312649783771889957%22%2C%22clntLag%22%3A-37971%7D%2C%22v%22%3A3%2C%22vcnt%22%3A10%2C%22vtime%22%3A1675557348798%2C%22_acid%22%3A%22-1%22%2C%22_ss%22%3A%22unsold%22%2C%22CHM%22%3A%7B%22lpt%22%3A0%2C%22lastChat%22%3A%7B%7D%2C%22lastCallId%22%3A0%7D%2C%22_is%22%3A1675557348791%2C%22_iID%22%3A%22-43126497837718899571%22%2C%22_ig%22%3A%22CHAT%22%7D; inqSession_10006005=%7B%22ay%22%3A0%2C%22aya%22%3A0%2C%22f%22%3A0%2C%22j%22%3A0%2C%22ahh%22%3A0%2C%22CDRC%22%3A0%2C%22_svMs%22%3A-1%2C%22_aTyp%22%3A3%2C%22m%22%3A0%2C%22n%22%3A0%2C%22o%22%3A0%2C%22r%22%3A0%2C%22s%22%3A0%2C%22st%22%3A0%2C%22v%22%3A0%2C%22ab%22%3A0%2C%22G%22%3A0%2C%22ss%22%3A0%2C%22T%22%3A0%2C%22U%22%3A0%2C%22ag%22%3A0%2C%22V%22%3A0%2C%22Va%22%3A0%2C%22cA%22%3A1%2C%22cB%22%3A2%2C%22af%22%3A-1%2C%22cnA%22%3A0%2C%22at%22%3A%22WFB-MessengerApp-S%22%2C%22as%22%3A1%2C%22Ac%22%3A0%2C%22sa%22%3A0%2C%22cHn%22%3A0%2C%22hdg%22%3A%22%22%2C%22bcs%22%3A0%2C%22to%22%3A0%2C%22stv%22%3A0%2C%22pi%22%3A%22null%22%2C%22St%22%3A0%2C%22odcr%22%3A0%2C%22scI%22%3A%220%22%2C%22lpb%22%3A0%2C%22ac%22%3A1%2C%22sDLT%22%3A%22%22%2C%22pcID%22%3A%7B%7D%2C%22tzOf%22%3A0%2C%22C2CM%22%3A%7B%7D%2C%22CHM%22%3A%7B%22pmor%22%3Afalse%7D%2C%22auu%22%3A0%2C%22chat%22%3A%7B%7D%2C%22_ssID%22%3A%22-43126497837718899572%22%2C%22rd%22%3A%22www--wellsfargo--com--t249329d%22%2C%22sest%22%3A%22%22%2C%22_sT%22%3A0%2C%22ltt%22%3A1675557348791%7D; inqState_10006005=%7B%22VA%22%3A%5B%5D%2C%22_loy%22%3A2%2C%22_ssQ%22%3A%5B%222023-02-05T00%3A35%3A48.782Z%22%2C%222023-02-05T00%3A00%3A49.571Z%22%5D%2C%22_slq%22%3A%5B%5D%2C%22_cct%22%3A0%2C%22_sqc%22%3A0%2C%22_slc%22%3A0%2C%22cfl%22%3A9223372036854776000%2C%22t%22%3A28800000%2C%22u%22%3A0%2C%22w%22%3A28800000%2C%22x%22%3A0%2C%22y%22%3A0%2C%22z%22%3A28800000%2C%22aa%22%3A0%2C%22A%22%3A28800000%2C%22LDM%22%3A%7B%22lh%22%3A%5B%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%2C%7B%22id%22%3A-1%2C%22cg%22%3A%5B%5D%7D%5D%7D%2C%22CHM%22%3A%7B%7D%2C%22fst%22%3A1675555249571%2C%22lst%22%3A1675557348782%2C%22_ist%22%3A%22ELIGIBLE%22%2C%22_sesT%22%3A0%2C%22C2CM%22%3A%7B%7D%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: TouchCommerce Server
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tag-wellsfargo.nod-glb.nuance.com
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="http://tag-wellsfargo.nod-glb.nuance.com/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND
Content-Language: en-US
Content-Type: application/json; charset=UTF-8
Content-Length: 0
Date: Sun, 05 Feb 2023 00:35:11 GMT

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6202 bytes)
Hash
251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 11:30:27 GMT
age: 47084
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js

23.36.79.24

200 OK

0 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 299256
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-490f8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 00:35:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=MKiDQGJa5Aq+wEt1rgsGQpKy+5+kaKf7grJ3yaHivvU%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js

23.36.79.24

200 OK

0 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
IP
23.36.79.24:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--t249329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365187
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-59283"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 00:35:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=99PNZalV2Wdq%2fsBFGiMTr7LzFzeJXcnYvnTzbTrL9Iw%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 00:50:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (40)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML