Report - www--wellsfargo--com--5w49329d48d6c.wsipv6.com/

Report Overview

Submitted URL
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
IP
163.171.131.129
ASN
#54994 QUANTILNETWORKS
Submitted
2022-12-04 17:16:50
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
18
Network Intrusion Detection
0
Threat Detection Systems
100

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	23.36.77.32
www17.wellsfargomedia.com	76964	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	486 kB	104.110.27.78
rubicon.wellsfargo.com	11786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.9 kB	95.101.10.203
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	591 B	349 B	31.13.72.36
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	873 B	1.4 kB	142.250.74.66
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.dcocsp.cn	33518	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	1.1 kB	79.133.177.228
www--wellsfargo--com--5w49329d48d6c.wsipv6.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	79 kB	560 kB	163.171.131.129
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.136.7
wellsfargobankna.demdex.net	10546	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	562 B	1.2 kB	54.217.130.182
connect.secure.wellsfargo.com	11812	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.9 kB	1.1 MB	95.101.10.194
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	7.7 kB	216.58.211.3
pdx-col.eum-appdynamics.com	4816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.8 kB	44.239.15.23
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	104.18.32.68
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	1.9 kB	142.250.74.14
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	859 B	757 B	142.250.74.163
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	745 B	1.1 kB	142.250.74.130
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	7.1 kB	93.184.220.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
static.wellsfargo.com	12306	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.5 kB	451 kB	95.101.10.152
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	61 kB	34.120.237.76
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.3 kB	34.243.172.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/target/offers/conversations	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/jsLog	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (30)

	URL	Size	First Seen	Last Seen
	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-04-19
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-19 19:43:46 Times Seen4753 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	69 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash 9c953d57b58cded843bc98ab4abb2554 ebf052061dfb843f0e14faf3de46ee8391c10559 2801253d4909e8cbb9acd197ae6b7e695206eb72bb09a9159aab83185441b49e Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	32 kB	2023-03-07	2023-11-04
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-11-04 00:29:39 Times Seen29 Hash 162100f507af8b50f1406bf3fc405ce5 cf0a2bf9b914710962e0dd7899b93ba5ceb5134d e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	252 B	2023-03-07	2024-04-24
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 01:46:25 Times Seen2499 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	114 B	2023-03-08	2023-04-13
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:59:53 Last Seen2023-04-13 08:50:12 Times Seen270 Hash 365ddb72c37cebb912aa0592fee6d67b 4db151969054fda826b478c23c47ca594d1aefdf 3ee0b2776fac2745ea071d2476528f6190f67abe0491ce74aedbb02f2bd7e0b6 Loading...

	static.wellsfargo.com/tracking/hp/utag.js	205 kB	2023-03-08	2023-03-13
Pretty URL static.wellsfargo.com/tracking/hp/utag.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-03-13 03:25:42 Times Seen1 Hash c49f02d7e266f43a86d049fb03ec2e84 81f75202544d483a0ec714ddf4d90470c09f4a72 a1c2d9ec5a1e85656556a423d105950bf1ba6c71324ba02fa3b3358f1cb4bd65 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q	267 kB	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:23 Last Seen2023-03-08 16:13:17 Times Seen1 Hash 9aaff31f7a7fefccebfc2eb1ee5f82d9 50ab2375150a072610b0ec41086a9b19fb379bea 5d024d1f359131763927d2c651b8ee84a1eecd076dd7c1342a5b9828ba8fb256 Loading...

	static.wellsfargo.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4882 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	199 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:48 Times Seen2469 Hash e086f28166bf73bc94e3cd49222ba6b3 e672fcd875785616f34372b6dd2a8245edbd0ca6 268683f78bf540a4628d352b35364a4405e8f1693eaee6a34e081045b1f95e54 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	691 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:49 Times Seen2441 Hash 48aed8d68c7d2fffc25f5635f592d555 910339ea378c481f21efced8b39c292816bc2fbd 54900b733cd406a3d2232358c17db394d9c2b5118167fbdf4f769a105635a6e2 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js	1.2 kB	2023-03-08	2023-03-11
Pretty URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:44 Last Seen2023-03-11 23:20:27 Times Seen1 Hash fa823dda3487ea3a417d3ad5b50d3935 ad04532540057015fc7be77347fbf87667b21d00 f54c913d6ddcd3045d36cc3ea868b9c0bb3a76afd37675cbd60c7825c7a4c8a5 Loading...

	connect.secure.wellsfargo.com/jenny/nd	52 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:23 Last Seen2023-03-08 16:14:18 Times Seen1 Hash 2c44a5b3c83ab7fc2938ff8df57dabdc 490d6d4796586090c71b110caa97ad4743523639 aae9746d485abbc1e350b3a88d8326f8b6ee8e58e6bfcac72f1c680aedd52efa Loading...

	connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.9818382768225052	88 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.9818382768225052 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash ec76089b24440362f92844e40a9f1fc1 097e03cd3fdfab7b7190ae5a245e6d33550e9223 ca918e0e4146703ac28ce1516b8a3ba811603097b101684fd2aca40970f4ca25 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash de8686608a61beead5030451ce426471 ef1d6cb303551d579ee903903fa997f8313f545e cde8069eaec2a4855f18c162f53e5fb2aa59ac3be6d4a3e80413dc47c856f12b Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	126 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:49 Times Seen2471 Hash f1b0375ca8995f583d4f31df97c9e172 d901e5604947f5b57d3bda7a78e92cdcef0439ec a6117a82be9fcdf7e808ce5f2a8b37a4b0dc1dd7052feb6088fc72f32503343d Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	273 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash b2e838481e1dfeffa83fdb28c9978258 6141f9021abb33bb1f8ef29f2a52ef628699ee24 6dfac47f4e8d643d10132cc331d993f65957b7a1474869113b0f5271ec113646 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	static.wellsfargo.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-03-28
Pretty URL static.wellsfargo.com/tracking/ga/ec.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:50 Times Seen4661 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js	178 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:43 Last Seen2023-03-13 04:06:15 Times Seen1 Hash 5deb588f332291b049ed619e01eb17c1 ce55c2177032ae9964c44587fa759db84102c5be d4ab81c8c717357adca76eef77d6218877c7d039c250c4b6000cce994010e51b Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	196 kB	2023-03-08	2023-04-11
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:00 Last Seen2023-04-11 09:08:30 Times Seen4 Hash 04a155af57d30ccddf08bd3cf302f078 dfbd480be1295fd57c4bd470c57c84ae76c3349e 6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	389 B	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash 177534eed57eb5664b3513ae30709d67 11e473a9a92e482b994a2aaee0776f760802f67c c6763fe725def193d0dbba29e067719a36db6faebf5c53643e0ebd6559d400a0 Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	56 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:44 Last Seen2023-03-13 04:06:15 Times Seen1 Hash 69d78e2cf9a8928376449948d17e716e 32495fc43cfe023a0441b5ac991168db0de39a98 f9dd179ea0ec98ffe4c687564c30584fe4ef8fcdf03347d8f3657eee6958c61b Loading...

	static.wellsfargo.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL static.wellsfargo.com/tracking/gb/detector-dom.min.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

	static.wellsfargo.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga_conversion_async.js IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4900 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEByaUxnbFZsVzFDNmhES1prSUdxVHlHTHY5bmE3eGJ5Zk1UT0NQRXFVSFlWU3ptSmI5SUhyTFpLOFdyM1ltOHBFdWpPRytic2pQNGxrRW9UcDNYaWp6aVdJdUliZ2dXTkdXUmRob2g4aS8wYnZkZ0d2ZDJzWTNoSUZBdnBWOHV3aC9yTm1xZS9LOFRsZisxelRiRVM4M2NEL21BVUgzR2g2MG0wUmhoNkxYYTZGeWZQZkE1ay9iTlVzTytoWXFYSEFWdnRnNFg2U1FacFBxMFBqOW5CSUoyclArZzVKZ1I1OWZFemhoU3JzZkFibE1tcFJaUnFGdW03Q2ttTFhYUVQrZXJKUmhuOXZRQVF6WmhNYmsrbjJ1YzZNakIweUN3d2k2N2ZqbVpzPXw1NzlhNDMwYWVkZDYwZjk4ZmY3ZjQ3YWE4NTlhZTgyYjEyZmQ4MDU5MDIxNGI4ZTMzMTMyMmZjYWIxNjI3ZTFhNzc0OGYxZjFhMDFhYjI5ZThmODI4MzFjMzRhMDMyNDQ0ODVmMjM3NGNkYjA1Njk5Yzg0NzBkODNhMDI2NjY2MGUxYWU3YjZkYTc2ZGEzNjYyMzY5ZDYxNTIwYjBiZTkyZjcyODNkOWYyOTNlMzY5ZThlOTJlODQxN2ZmMmFmMWQ1OGE4YjY2NjQ1NmMzNDU3MDg5N2NjZGI2NjljMWY4YWZjOTg5ODAwM2E4N2QyMzBmYzUyZDcxMDczNWU0NGQzN2YwNjIxYzhhYmQwN2EwNWUwMWJkOTFmMzU5MzQ4YzlmMjgyNzg5YzUzZDNlOWMwZTQxZjhkYzQwZTM4NDYxYjk2YjE4ODVkYjY4ODNiNDUxMzkxMzU2OGM2ZDBlMTNiY2FjM2ZiMjdiYzg3MjBjMjc0NmU2MWUxZjcyMTEyMjVlZTZmY2NmOWI3NDg5MmQ5M2U1YmNlNDBlYzQ4OGQ0NTA3YTI1Zjc1YmQwZWJiODRlZjU0OTNjYjg3Mzg1NzU5YWVkMThkNTM0MTQ4MzViMWI2MmQzZDE4MTRiYzExYTFhZmQ2Y2MxZWRlOTY0YWVlNWU3MzliYTkyMDAxMDcxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com&t=jsonp&c=t__w_qdpu_aqxsta&eu=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F	90 B	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEByaUxnbFZsVzFDNmhES1prSUdxVHlHTHY5bmE3eGJ5Zk1UT0NQRXFVSFlWU3ptSmI5SUhyTFpLOFdyM1ltOHBFdWpPRytic2pQNGxrRW9UcDNYaWp6aVdJdUliZ2dXTkdXUmRob2g4aS8wYnZkZ0d2ZDJzWTNoSUZBdnBWOHV3aC9yTm1xZS9LOFRsZisxelRiRVM4M2NEL21BVUgzR2g2MG0wUmhoNkxYYTZGeWZQZkE1ay9iTlVzTytoWXFYSEFWdnRnNFg2U1FacFBxMFBqOW5CSUoyclArZzVKZ1I1OWZFemhoU3JzZkFibE1tcFJaUnFGdW03Q2ttTFhYUVQrZXJKUmhuOXZRQVF6WmhNYmsrbjJ1YzZNakIweUN3d2k2N2ZqbVpzPXw1NzlhNDMwYWVkZDYwZjk4ZmY3ZjQ3YWE4NTlhZTgyYjEyZmQ4MDU5MDIxNGI4ZTMzMTMyMmZjYWIxNjI3ZTFhNzc0OGYxZjFhMDFhYjI5ZThmODI4MzFjMzRhMDMyNDQ0ODVmMjM3NGNkYjA1Njk5Yzg0NzBkODNhMDI2NjY2MGUxYWU3YjZkYTc2ZGEzNjYyMzY5ZDYxNTIwYjBiZTkyZjcyODNkOWYyOTNlMzY5ZThlOTJlODQxN2ZmMmFmMWQ1OGE4YjY2NjQ1NmMzNDU3MDg5N2NjZGI2NjljMWY4YWZjOTg5ODAwM2E4N2QyMzBmYzUyZDcxMDczNWU0NGQzN2YwNjIxYzhhYmQwN2EwNWUwMWJkOTFmMzU5MzQ4YzlmMjgyNzg5YzUzZDNlOWMwZTQxZjhkYzQwZTM4NDYxYjk2YjE4ODVkYjY4ODNiNDUxMzkxMzU2OGM2ZDBlMTNiY2FjM2ZiMjdiYzg3MjBjMjc0NmU2MWUxZjcyMTEyMjVlZTZmY2NmOWI3NDg5MmQ5M2U1YmNlNDBlYzQ4OGQ0NTA3YTI1Zjc1YmQwZWJiODRlZjU0OTNjYjg3Mzg1NzU5YWVkMThkNTM0MTQ4MzViMWI2MmQzZDE4MTRiYzExYTFhZmQ2Y2MxZWRlOTY0YWVlNWU3MzliYTkyMDAxMDcxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com&t=jsonp&c=t__w_qdpu_aqxsta&eu=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash 5c7531a6cb31bbf6f3718d27d25413dc cd6d17dffeca6d4c566447da81973ee570188bcc 3b9211cc5022f2e4c627afefb89b5e105f203911845bec120c7083cea89b3ef2 Loading...

	static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-07	2023-03-26
Pretty URL static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 95.101.10.152 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-03-26 09:22:04 Times Seen2 Hash 17324c64926790e7068528ee285677e0 5f7c9d7694dfa9e92d5ae871cb0ea0cc5b4776c3 79f666407709e82d49c80fc330a5a34952fc56f30de257ccc3ae432d87c6fedc Loading...

	www--wellsfargo--com--5w49329d48d6c.wsipv6.com/	306 B	2023-03-07	2023-04-05
Pretty URL www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:01:42 Times Seen260 Hash bf7d1aee3b865a6842835bce8c0a0685 c5213d92fbf617eec79bcade5d93355daf5f199f a14e4c94d8fddca88038c337df0f10bc9bc25460c913bdb20c064ac48ca545a8 Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6721920767089669	78 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6721920767089669 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:58 Last Seen2023-03-08 16:12:58 Times Seen1 Hash 7eb6fe8c9edfd772e3642bfdce51a5f2 bf3a450f2c6706b7509df875a8964c0217798bc9 f7c2c1a1554a9baf33e0845d73e97f7c6f5fd5373d41d9ffeeb7c43ff81bf7ef Loading...

HTTP Transactions (143)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Sun, 04 Dec 2022 19:36:40 GMT
Date: Sun, 04 Dec 2022 17:16:38 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2680
Cache-Control: max-age=151159
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:38 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:15:57 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 16:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3494
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7314
Expires: Sun, 04 Dec 2022 19:18:32 GMT
Date: Sun, 04 Dec 2022 17:16:38 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: mKjiSNXnongoDshECf9l9vmd/U1gjApxnHfZ+M2eYgQ86ZlbnKxCdVv3QZOwS82OeKMnlg7tUDI=
x-amz-request-id: DXGV0KKMW3CT4YKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 16:47:03 GMT
age: 1775
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

79.133.177.228

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
79.133.177.228:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
598fdaf985470cd137b72602323b510d
85aae93841e0a7d222d9b689ec5650f0248685ea
4f35c9c40cb6010f2ad4d3c25325c1d760ce8d94f65eac7c11a582866352dd8f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sun, 04 Dec 2022 16:20:17 GMT
Last-Modified: Sun, 04 Dec 2022 14:24:48 GMT
ETag: "638cadb0-1d7"
Expires: Tue, 06 Dec 2022 14:24:48 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670170817
Via: cache21.l2de2[0,0,304-0,H], cache14.l2de2[1,0], cache6.de3[0,5,200-0,H], cache6.de3[7,0]
Age: 3381
X-Cache: HIT TCP_HIT dirn:9:862421613
X-Swift-SaveTime: Sun, 04 Dec 2022 16:52:38 GMT
X-Swift-CacheTime: 1659
Timing-Allow-Origin: *
EagleId: 4f85b19a16701741982347775e

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 17:16:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 17:11:19 GMT
cache-control: public,max-age=3600
age: 319
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/

163.171.131.129

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Size
18 kB (17760 bytes)
Hash
a4baf68fe1419a9fb7457ac626ebc13d
6700c3b7e698e333793074941134a7f71ec6947e
340aaa9df0a547c60aa1b021fec641f453ae8842ef34674b889b8b267d6bcb2f

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17760
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-58545638-1833-492b-a9ec-fbcf74cc61f4' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 21440 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d; Expires=Sun, 04-Dec-2022 17:17:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sun, 04-Dec-2022 17:17:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:67; Expires=Sun, 04-Dec-2022 17:17:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120221204091638483324829; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:38 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; path=/; Httponly; Secure
WesdAksn=A5HKI96EAQAAicVczflzNLdH1jOpdWLk0BimPFLteEKBkOVMuvNXUTs5oCC7AaOrg2CcuDv8wH8AAEB3AAAAAA|1|0|c3e2d152831f0bdecfa5adffc5df05c27e9092b4; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=9ow7JWYEBVwh2k%2fXpCGQg2AFFnhsyHhKg2uqsXuCz9JqsWdpKCVNlLB61ZegUgV0; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:38 GMT;Httponly; Secure
_abck=E3352ED15602E9E87347951AB7F195AD~-1~YAAQIK7dWOyNHdiEAQAAC8wj3glfl0KtSLvtEhsCLzkJ8/Yne7m7Tugnn7rs0vA7GmZsawNfs/x1CAqPyrdo6tesa0Y8s1Abv4W+a4N1XMqvCs/Eo+DfB6bCPQAVwiHUg+WnQzfRRHdzKnACwN/WXi4GdTTcl7bYJos/MO54VRfTY27rF8cEbuEiGN6Mcu8N+Tk8tqyTWvzpyTovjs9R43usXiTO6m/VuF2bIU1edHIYq45Uo3CqQhOH8Mbhxt1AyQ7BGCGaQgn5k3dBX9+Kcz7nuwskw9V7rHGzNdvPinADCho/QfERwqe0m16I0OzD4tHuH/5jBeyceBAW8UCjX9al8MkEj3mb7WFyW+gEW6VcQ12K2toCutxoYXJvX4u9uw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:38 GMT; Max-Age=31536000; Secure
bm_sz=01DBCDC9A5AC6B475180F3C44D421CC9~YAAQIK7dWO2NHdiEAQAAC8wj3hKuzrdJvEKy2pqeNqsGhIQlRV8/fkjg8h+6Ci2W/3F6onpAQHocjLkjvCJx+lYdVHb0PKfkijiPNUHilJzzS6p/+DJn4PsmjJRzvKT85nEWGHxP0KzG2dejkeNkhjulByjbukysz9WIRrOW4fRaPXNc8RHlkpUrJDibrsl3y7kRuLpqPAoVuPHyhQfqoG5sm51/bMtBiaSr4Nihy6w3T37B90AOh23vnyMgW5+YwkzM5+gOD9bH3EJXSHmG1F5SuNfyCGn2+HkylVMXiuzkiP63Ck40~3491385~4604209; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:38 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f6_bl21_14239-27993

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:38 GMT
Last-Modified: Sun, 04 Dec 2022 16:32:08 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png

104.110.27.78

200 OK

2.5 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2496 bytes)
Hash
e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec

HTTP Headers

GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1845933
expires: Mon, 26 Dec 2022 02:02:12 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png

104.110.27.78

200 OK

562 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
562 B (562 bytes)
Hash
dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1793246
expires: Sun, 25 Dec 2022 11:24:05 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.0 kB (1004 bytes)
Hash
2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1690776
expires: Sat, 24 Dec 2022 06:56:15 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1710 bytes)
Hash
c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac

HTTP Headers

GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1607875
expires: Fri, 23 Dec 2022 07:54:34 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1344 bytes)
Hash
20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=1380387
expires: Tue, 20 Dec 2022 16:43:06 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg

104.110.27.78

200 OK

35 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (35078 bytes)
Hash
b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1674301
expires: Sat, 24 Dec 2022 02:21:40 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg

104.110.27.78

200 OK

52 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
52 kB (51474 bytes)
Hash
67a063a06589a4e40465cffe34adf460
83bd779eab37f708db097c28d9eb4295c3ebdc13
e037cf255bed27ebd83c682b368532fc925848a9ff0e42d97132ac995e43bbdf

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a7e46d-172e2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 51474
content-type: image/webp
cache-control: private, no-transform, max-age=1690659
expires: Sat, 24 Dec 2022 06:54:18 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0916e9b925325c11254232ad4cdf6cec
def537535bf7b923a7b0dd3ddd08f9abab88a03a
6afe957dbca140e9c78bce87bd43087108f9672b8627f8e58d51cf32d3dae4bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1206
Cache-Control: max-age=139276
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:39 GMT
Etag: "638c4e4d-1d7"
Expires: Tue, 06 Dec 2022 07:57:55 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.131.129

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (31354), with NEL line terminators
Size
18 kB (17883 bytes)
Hash
59e9efb0258fa77e22ba60cebadda375
14d20bc503649a3b3275eb229e8a965069d74253
7e28a89f68d98388e4f1b5d76b6770fbc175df1c3545d54ba6c67b1abda5b97b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17883
Connection: keep-alive
Expires: Sun, 04 Dec 2022 12:30:38 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: "63503394-d905"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 bl22:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14239-28078

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0916e9b925325c11254232ad4cdf6cec
def537535bf7b923a7b0dd3ddd08f9abab88a03a
6afe957dbca140e9c78bce87bd43087108f9672b8627f8e58d51cf32d3dae4bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1206
Cache-Control: max-age=139276
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:39 GMT
Etag: "638c4e4d-1d7"
Expires: Tue, 06 Dec 2022 07:57:55 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

95.101.10.152

200 OK

901 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sun, 04 Dec 2022 17:16:39 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=oz+Rg0eBKK4qc+LrqZEh3w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css

163.171.131.129

200 OK

24 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23639 bytes)
Hash
ab14fc94e9e3eda1147b33096ce78036
d2dc912ef40215c52466a63f55b3fcb274b1a3b9
fbdda4705c51998c24e57f486500422fdf801052b612b7d43272a0895e245207

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: text/css
Content-Length: 23639
Connection: keep-alive
Expires: Sun, 04 Dec 2022 14:59:58 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: "63503394-29ee7"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 bl21:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14484-3597

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js

163.171.131.129

200 OK

57 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size
57 kB (57297 bytes)
Hash
bf3200896bd105e86dc947dfa3c7fbf3
f39afea6027114a0d0378fd02736b71ff2f86df8
39472107f9bee2c7bd46249baa5b90c51bef93f866685c418f2a9b7175d5ed64

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57297
Connection: keep-alive
Expires: Sun, 04 Dec 2022 14:59:58 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: W/"63503394-2b951"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 bl21:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14229-32672

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

200 OK

75 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
data
Size
75 kB (74731 bytes)
Hash
3f4f3e9315bd945fe0f900f9743a8a45
2b7b36c12168e07dea9f1d61088a8f074f56550e
5d0b60cfe321510c4cd896ede7407c74e3b7eafcd24683d2b042a7c424074d6c

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/javascript
Content-Length: 74731
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 15:58:54 GMT
ETag: "37a4b009e7ae076e7f3325379f971e6bf5df836d1f31841d88898cd782d66a2a"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DIrMC9ZNG4dc45kTxv6Cxw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=AE3F611DED932202F51B716EF8C0CDDA~-1~YAAQMa7dWDcUf3WEAQAAIs0j3gmkJxJUOrq/gs8w+li8IhDrEnq383WWz+DnjJMZgdIUzKLfuvPpeHQssRqeOdIPy+oJh0A9uxA4vF9fVl3uysYZmZFN/WcB081o3QzKInqP2/xPpsQJ/xRgyspiA0kiI1GOkvKe+IEcta44rvL71CMSYK3duAoyg8iCbmNSky8TUvssj86mMxNY29EhbTRk3z7MmbuP+hezo5RPmsgjfjO080whqCAON3SRYP8Utu2a8D7LsA8GGUJeDki3JQJ+avbFEehp4E4/ytLgb1DEs924drIYkAH+GEQFix/Yd8e3XjwsUkUwNkcxWsoSKc59l+VRszOlDKhPTqNMevCIog1TKVBDSuTYhJW9CDjEjw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:39 GMT; Max-Age=31536000; Secure
bm_sz=A404F4560CDD1D027D28CB2BAFA69139~YAAQMa7dWDgUf3WEAQAAI80j3hI0anej55cbsfBmqQLRo1c+xWe0NjhGn54T7IpPrOeVCvDWDHR5y7xxI3yTbbujpSKszGXBq6TR7OxfSNprwwavE/1WSRCHbPk/TMQF9k8dJzSXhl2zeN9UzasRSIv/P9oAQxjCm7Cuid6FM1lIsJxkAg0dAqOEb9BMRcwm7nWNK3t/+dAn8BkPny4t0bsiskdfmOjOeMle+3vcIwZA2/vSSXRR/LldUJ1aqHR/qeT/iLpvTacZmmrMCv2cTLsNC09dK/Mbv1EhknSo0LBOVgxF2BIM~3360069~3359300; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:39 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14709-52858

push.services.mozilla.com/

52.89.136.7

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.136.7:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: o6SYssdW5HdTYBpNzbz8Ng==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9+rvvSJXxejdAinY21OFyTV+2gE=

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

95.101.10.152

200 OK

11 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (31790)
Size
11 kB (11076 bytes)
Hash
6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Sun, 04 Dec 2022 17:16:39 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2feB2MJnPX4CXBtevdelboA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.131.129

200 OK

4.3 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4287 bytes)
Hash
7ac55e0793673198fde75776a157a995
66a642dfe1511334463efdf864890a3e9b4a408f
372a46afd830d109408749a1d704ea4291216b8721d63861c3dcb6f2ca85f930

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4287
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 04 Dec 2022 17:16:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=Ay7NI96EAQAA7TdwO24gb-zkt0DQFx0XRfmoBfVxzUs5ERTT1FK8TMBwjqdJAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|1a8e4beee469c9a99400738d4068a394a55c57fc; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=LNhuxzMyB%2fBrpW24tylsvzjGPVla8t+nK8stw1Hc+4RvczaxPwRMi8Llb6ihgTrw; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f6_bl21_14239-28067

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=7988589
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2129439
expires: Thu, 29 Dec 2022 08:47:18 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

200 OK

23 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2039298
expires: Wed, 28 Dec 2022 07:44:57 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2106233
expires: Thu, 29 Dec 2022 02:20:32 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2039018
expires: Wed, 28 Dec 2022 07:40:17 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/hp/utag.js

95.101.10.152

200 OK

55 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/hp/utag.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (15536), with CRLF line terminators
Size
55 kB (54746 bytes)
Hash
a2ab4b46ad30f60866211f2fe5de68a3
125c39f1a776161eb319a742ae7ce621f4c38933
11f666b297e903717f7f8fb577dca1beb1db6bff324a2a99b4dc0c639f883452

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:35 GMT
Vary: Accept-Encoding
ETag: W/"632cc04b-32229"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54746
Date: Sun, 04 Dec 2022 17:16:39 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MefTpdTRFz4pqOq1fMYyUw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2165
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=kz%2fPmsVvneyxp0UpaSs+Aw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=kz%2fPmsVvneyxp0UpaSs+Aw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=C3CE69B1620A60EF3E474438CE23AB4E~-1~YAAQMa7dWGUUf3WEAQAAZc8j3gmO6w6xLAFRz/+M+Z0AY+gfmFy6SPYaZYa8BpIDk5eqGEr1zTuhXcVIacfD5yPeU5VBbq8sAqQ7C+itxcTFDmyEXXBrl9j7tp1jczjfzPx9spjqyhHWcCyymowhQxSclYyk+AoOe85EsT6efmV76tL+ZweMDomxLf4ushFkhaeRgi0XQP14nWcEROpJY0ACtAveX5tTsYPO7L7H94tnsbTJY3LcNuu/L61eHVegagKTqFFrga2tCHA8TXUl5Z7abgaHIzX8Itk+k5c2KTmMOUcb76yXK46GqyjLxgmUY/Ye2qzvvFJa8xJsZtFCXl1cy1FDEINxyMxXvfnM7xKqBAsexWlFtVpDADFT+nVPKA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:39 GMT; Max-Age=31536000; Secure
bm_sz=685C7FB3517E2BBBD5615A98F0CBC820~YAAQMa7dWGYUf3WEAQAAZc8j3hJeF7kyJwGH4Q8dxNOxtd/G2pQWFKcOqTbz0jkduAJRaJmymAkEpBsw53iFhH762ioYBsMUq/Tef5w87G8qXb4QGctEf8xvRDnIZDENlBZWDga3HiDimPLRUyVG9F7eXmur38lcNi5M5Ixv135lhbu38eQHD+ijV6d9I5L+0VScX7Spw2O4reL4X+Jpcal085cEVauMhAFLOeHvUKsc+GrDuzj0WQdIUp47TyCb2NRS5EDyz3DUdCqNh00tzyb78ThblT5MIF6LJo8qTmceIEJLSpkr~3360069~3359300; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:39 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14239-28141

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/target/offers/conversations

163.171.131.129

200 OK

2.0 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/target/offers/conversations
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (10157), with no line terminators
Size
2.0 kB (2019 bytes)
Hash
9c9e589c412444701257d950efc9b59a
28bfb3929bfd63917d9081f8395c425373ecf136
a2c0dac3bdb95ab9396525516bfdc31dcf4d8672b0f35e1861b05e1b7c339834

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2019
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-ee976254-4587-4ad9-88ee-854fe929533e' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:67; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561; Expires=Sun, 04-Dec-2022 17:17:09 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:09 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:09 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sun, 04-Dec-2022 17:17:09 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:199; Expires=Sun, 04-Dec-2022 17:17:09 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202212040916391701770355; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:39 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=EB1AC8E525E1CA0EFF13BA5534607595; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=zziCLEh2cPjpdRcHJzzrEOUZlcHSD25Nj6otcGAdetThsHwLMmLEw966gHHU1Y0y; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:39 GMT;Httponly; Secure
_abck=C7EFFF0AE6FA73D3DCBE52DF43373ED3~-1~YAAQIK7dWP2NHdiEAQAAwc8j3gmrGxhATQEz0H8OsH1nAgslv/EFAuxCPeNGQgQhV47lwbOfI8qQt72ArlbNTagreGrBJUoRkYIKSIYFO3GJOrgpSLk6UByX/mkyhwek3ooq2FtaXQu/Sw8AJbL206245LxopL+UxrVb6/PzgJzv/m64eZm71xa+Ztnw2v4ZzrQwg9ML0+SrYp9zlhe7a1KvYdKaOfFUDo3Q52Ybwup0qZrFUp/81doX0i9usPgBTDR3Lb+0UI5qH2jOU8BrzGF9LC/xZm1Gq6WRaoQZb3JYWhBi5zF4pCRjdtNSl3JKpdaMx5HnMp8ERs94wzpoJc/M+aNBYd2eSTrS9V822O7CtJrwNQ71/Q1bMavCRvEeHQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:39 GMT; Max-Age=31536000; Secure
bm_sz=98B5E255AF0E43E82CDEBE66C7CA01C4~YAAQIK7dWP6NHdiEAQAAwc8j3hLgWREREAh1S/UAkJZOaSDtvf3m1Mq0eeEgmRKrWm38o2kakCWnnZN+TR8s0Sg3O7o9cVJSv/Z+roX0QU+y4/gQjuTMmYgUMsswJewCgcTvhJUWZPJ4uuTwqCCiDw175FmPm5kTSiyasrTm7wyulzUKW+hNLsogKaPs+tKQJWPEyUgJcBiBuTfl0aJr3Cl1ncTtZMPMWA5FieI/jJIlXBlLyrIYwwL76pTplljO7Qnp+sbTYmUSFdp81+tkMpr7j5wNuguJGBuphLuWQzCQqbiYq993~3360069~3359300; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:39 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14484-3621

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg

104.110.27.78

200 OK

24 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (24386 bytes)
Hash
cb2701f69033671b5b2f3fec4c80f572
ab6a87369924fa513fa98e04677c2d332d5e25c1
9913aaf46bebf4d41ba3b37f686ba546b41faa33db9dc720a68bebd924121125

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "635162e2-d177"
last-modified: Tue, 01 Nov 2022 22:03:11 GMT
server: Akamai Image Manager
x-serial: 1920
x-check-cacheable: YES
content-length: 24386
content-type: image/webp
cache-control: private, no-transform, max-age=2090716
expires: Wed, 28 Dec 2022 22:01:55 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg

104.110.27.78

200 OK

55 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
55 kB (55048 bytes)
Hash
f9ab0764029883a1b5fedf81e7a450a1
b1f3593d1bf562f06bff4d9175d7ce10aa294f4f
4d2bd105b932b41bcf770bccfa190341867c5680f95df56ebaf24f6e8d8aefcb

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63505818-def7"
last-modified: Tue, 25 Oct 2022 21:17:29 GMT
server: Akamai Image Manager
x-serial: 1018
x-check-cacheable: YES
content-length: 55048
content-type: image/webp
cache-control: private, no-transform, max-age=1483159
expires: Wed, 21 Dec 2022 21:15:58 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg

104.110.27.78

200 OK

46 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Size
46 kB (46359 bytes)
Hash
dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63505819-d82f"
last-modified: Thu, 20 Oct 2022 21:37:57 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 46359
content-type: image/jpeg
cache-control: private, no-transform, max-age=1052527
expires: Fri, 16 Dec 2022 21:38:46 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png

104.110.27.78

200 OK

1.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.6 kB (1570 bytes)
Hash
9bab6d4f56255c3eb509223b9e20a4e4
9dab7ff41b34eb5a3ac57e0b09e6215b549b7136
e68a77a05fe5ce16c4f6aa3590d99909ddb57e180a0741736debbe26fd98233b

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "633eedca-e69"
last-modified: Tue, 25 Oct 2022 20:39:05 GMT
server: Akamai Image Manager
content-length: 1570
content-type: image/webp
cache-control: private, no-transform, max-age=1481042
expires: Wed, 21 Dec 2022 20:40:41 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24782 bytes)
Hash
f8f8b797f394dae4b55a85b9f55eea80
d96aada64a87f18da3fbe13e2b9c057a37192ebb
c625c5f31f79968509bb3eb016f3b20a99e44496fb0f691b8ba3bb960e9caef7

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62d96afb-178fc"
last-modified: Mon, 25 Jul 2022 22:14:15 GMT
server: Akamai Image Manager
x-serial: 1184
x-check-cacheable: YES
content-length: 24782
content-type: image/webp
cache-control: private, no-transform, max-age=392450
expires: Fri, 09 Dec 2022 06:17:29 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.131.129

200 OK

306 kB

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65356)
Size
306 kB (305866 bytes)
Hash
0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 04 Dec 2022 17:16:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=316ipAGlUdF5vyHZ+0vW1CHMfh7xIzD9r3VtTnM0qbqsIgyiz7NTdvQgtjbH8SZo; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14229-32689

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2330 bytes)
Hash
cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1806882
expires: Sun, 25 Dec 2022 15:11:21 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2340 bytes)
Hash
2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1657812
expires: Fri, 23 Dec 2022 21:46:51 GMT
date: Sun, 04 Dec 2022 17:16:39 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2524
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:7$_ss:0$_st:1670175997317$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 17:16:40 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hvoHon%2f6LUd2H+lnCHmeRg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=hvoHon%2f6LUd2H+lnCHmeRg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=8D2302B9C7F01691CF1E887DEAAAC6CB~-1~YAAQMa7dWIsUf3WEAQAA0tEj3gkGjKvxOhd9HRzH9rBw9L+FAaCEvsrKD8u8Keye3/idbtH5ULDaoMKzWy0jf6XEKLFhQalcvQbXXJ29Jrxdtygwcmiczlijre2CvObQu/L1if71RM5AOs0fScH3Pxt8jpGXmy8ftwjYt2Hc34QaL82+UA2q1D75hfbaztU7BOjxHOC8eu4D6ljUbblbZDYPPZMRGr2BmKVduDNog37/LV7t+gVHyKYTlC+xxX5H51MNUx1GkceNlfP1xjqIYTI0+RnusIUr7yXlKarALdMyaG2Pgm6FAK8wWlQkvqDLcqdy/pLUleqhGHJAJdirnuMlQsSPOCKeMQLTdsH0SCtgbUQacse70i7SVMvQ21q7wA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:40 GMT; Max-Age=31536000; Secure
bm_sz=34C07126AB771A99EF6AF20CCBBD85F3~YAAQMa7dWIwUf3WEAQAA0tEj3hLv0NeKVJKcA/a8odrTJc6DSufcJ+vBRClZuBoYZodaVjTsWPUXaI+a12ukV+BsvMayDBT9Z7cDz79NznaaNY6INYf2Tp3dR3c4xUfP4DzUbWF8hbgSdv1376Kubd+y/HIGkwpSeLw82HmEsJx4amwqf+rRh1GGNP66jgWkYp7fYzdQOgvuWI9xYvTpguwTM1cxDP8g5vmsMn9Vixps7UmB4rV8kuB96dJiFxk8JMEAXhII8p1Sb9KwFN16pGTDOkMVGRVKx8skcu7EQE41gWIprMqR~4535856~3225397; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:40 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f8_bl21_14484-3716

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

200 OK

1.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.6 kB (1636 bytes)
Hash
b9d2c719de3d6701349f1134e129defe
703a51a2f72672f6b34a3dcf8d07c351143f9151
95ae72a8f3b1f5794802b2704b74bef2f29fe1b8da1f06c97a8e7ab2acb5e435

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1636
content-type: image/webp
cache-control: private, no-transform, max-age=1688286
expires: Sat, 24 Dec 2022 06:14:46 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

200 OK

9.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=22016
expires: Sun, 04 Dec 2022 23:23:36 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4417
Expires: Sun, 04 Dec 2022 18:30:17 GMT
Date: Sun, 04 Dec 2022 17:16:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4417
Expires: Sun, 04 Dec 2022 18:30:17 GMT
Date: Sun, 04 Dec 2022 17:16:40 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4417
Expires: Sun, 04 Dec 2022 18:30:17 GMT
Date: Sun, 04 Dec 2022 17:16:40 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 40880
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8989 bytes)
Hash
a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 69999
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 70174
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 70018
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 70359
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 70441
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png

104.110.27.78

200 OK

852 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
852 B (852 bytes)
Hash
83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b

HTTP Headers

GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1577354
expires: Thu, 22 Dec 2022 23:25:54 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg

104.110.27.78

200 OK

1.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1118 bytes)
Hash
8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb

HTTP Headers

GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1906849
expires: Mon, 26 Dec 2022 18:57:29 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png

104.110.27.78

200 OK

712 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
712 B (712 bytes)
Hash
856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72

HTTP Headers

GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1729486
expires: Sat, 24 Dec 2022 17:41:26 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2286 bytes)
Hash
54a0dd5862244507f56e176ecde59056
2d8f7d7e00316c6811ce2552e608260481303898
749d47078866f2ebe0c2b692de339996ede393b570c7f73418ac0ed9a6882539

HTTP Headers

GET /assets/images/rwd/h.com_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-23fc"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2286
content-type: image/webp
cache-control: private, no-transform, max-age=1511495
expires: Thu, 22 Dec 2022 05:08:15 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1348 bytes)
Hash
20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05

HTTP Headers

GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1674019
expires: Sat, 24 Dec 2022 02:16:59 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png

104.110.27.78

200 OK

9.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
9.7 kB (9652 bytes)
Hash
8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135

HTTP Headers

GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=260244
expires: Wed, 07 Dec 2022 17:34:04 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg

104.110.27.78

200 OK

29 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29240 bytes)
Hash
1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5

HTTP Headers

GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1686168
expires: Sat, 24 Dec 2022 05:39:28 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg

104.110.27.78

200 OK

32 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31450 bytes)
Hash
7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1

HTTP Headers

GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1845953
expires: Mon, 26 Dec 2022 02:02:33 GMT
date: Sun, 04 Dec 2022 17:16:40 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2584
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:7$_ss:0$_st:1670175997317$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 17:16:40 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=l0PYTX8W4w3LGimYYZtndA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=l0PYTX8W4w3LGimYYZtndA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=141D7F276F215F4E6651D0BC0938EED2~-1~YAAQMa7dWLIUf3WEAQAAdtQj3gkdpmByrpBtTYcHVm9FoE/D9xd5dZERqf/Q+zJNI0Y9ZaXs2wdtDKNszdmBQOwunNtNRpynlWoWCHFT0kU/d0S8P1AQ86z6GB6tMwf0+kWZOaaLbmKsgDb+55+2QkZPASyKokPhxvZ/Ttm5Xhd3rCxH9dZ9wuOwpgfbcxrT8FXXIcW2BJE3B9WOLfi6VQe60QdoSkkj+TlgAwlTkNMbe2wNwYQHu5ZA7DNAQS3uPmZE2pQIA7XFWMFJtm1hk+bh+u0zWR+9yJmrMC9A5oLS3o3en+YkyX1LHgVGWPFz5BVHEuVSdyEHaOmsBHPTUp/kkLjed+0T04kpA42CMLY8FT1o2a9CLOZmUGccBeBR+A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:40 GMT; Max-Age=31536000; Secure
bm_sz=1A6950D8A042454EEEEBB9F41396E73C~YAAQMa7dWLMUf3WEAQAAdtQj3hKXC1M2xX3HtJ3LLVfTvCrdrF5yq/bbPKq67T3qCaXWKg01cKBouiBeGpCNBmfWnZEPdT+rnYO3lPJl5mRHKfPFeUmsWM6T9dcDETCwgcpbAp+cNUFqAMubEgit2pfjp617Du2E4esvCWbPMqjCquecTpJfPw5I42mEhPS1q3DwrMr3GV7PFhp2oYDVhw524apfkIQ7iip0WGlMFUquRbsguOsXS46ccKjtop5sQ2Q6Zncc62jtdY1rcwofySrKQ5U2SMZWx9eeOuEoGhauJhDLaOdH~4535856~3225397; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:40 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f8_bl21_14229-32837

static.wellsfargo.com/tracking/gb/detector-dom.min.js

95.101.10.152

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=OQl+6uKZk7wZfyj7SJPzRw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=IhTL%2fbk7DFJHjW6YjwI1OA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2435
Cache-Control: max-age=135050
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:41 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:47:31 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2435
Cache-Control: max-age=135050
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:41 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:47:31 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a97c490a5f57669e4779f159c4dc7c2e
a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc
440bae73a0f989f36ec69b72d2cd21fab3637efc498af4a5e77d74a55ea7fca7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 01:42:53 GMT
Expires: Sun, 11 Dec 2022 01:42:52 GMT
Etag: "a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc"
Cache-Control: max-age=548170,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774630f48e6d1c12-OSL

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69292223251660950920026903601196452734&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120221204091638483324829%011&ts=1670174198586

34.243.172.78

200 OK

321 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69292223251660950920026903601196452734&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120221204091638483324829%011&ts=1670174198586
IP
34.243.172.78:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
321 B (321 bytes)
Hash
1ea13d3f79f7ccd607485000a6a7fc84
eb4301fac08fb24a05574159671abcc46c7cfa5f
886341c0bb6467af4daa49b376e0694a97859240db712610f32c0ec72a30edfa

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69292223251660950920026903601196452734&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%011120221204091638483324829%011&ts=1670174198586 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-02cc342ef.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=38701005191206195522500631483432600346; Max-Age=15552000; Expires=Fri, 02 Jun 2023 17:16:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: M+PkbaL2RfE=
Content-Length: 321
Connection: keep-alive

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69292223251660950920026903601196452734&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670174198580

34.243.172.78

200 OK

320 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69292223251660950920026903601196452734&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670174198580
IP
34.243.172.78:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
320 B (320 bytes)
Hash
91b4055e87fac6893008026397962f7b
74e9a6cd61c6b2cd4df87da1bc5e374f446b7f39
71d2b4a9b1644efa14cc960d93a2d8b56b17afe84e67e13db6e678a2cb578a98

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=69292223251660950920026903601196452734&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670174198580 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0780584f2.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=61463522014308107070853490895100918524; Max-Age=15552000; Expires=Fri, 02 Jun 2023 17:16:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 8WaAl8euTq8=
Content-Length: 320
Connection: keep-alive

wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670174198591

54.217.130.182

200 OK

329 B

URL HTTP/1.1
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670174198591
IP
54.217.130.182:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (605), with no line terminators
Size
329 B (329 bytes)
Hash
aa14150e080ecbd7619a016befd7f0ac
353be3c38fef662790e60e33038852476557a67c
f1ff667c36e3d90b51a14b70128822851e11663b570e484e33329d6544dd7c2b

HTTP Headers

POST /event?d_dil_ver=9.5&_ts=1670174198591 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 426
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-00fcfd78a.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=69278062560145082630023253874332414317; Max-Age=15552000; Expires=Fri, 02 Jun 2023 17:16:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: KTHwG23ISEU=
Content-Length: 329
Connection: keep-alive

connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js

95.101.10.194

200 OK

572 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
C source, ASCII text
Size
572 B (572 bytes)
Hash
dfd7990c3700ca8f3a291a2eb2313953
d091406238db6b36e54dfb8f5ad1892cec39d492
d45ab106a5ce4166f107e444928e6971b4978d14139704e042d2d19949c2c836

HTTP Headers

GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: W/"6372958c-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 572
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=XjAfvycd2Wt2emJX1BNK5SHEUbecdHgA%2fmPouCKKVBL6PMy4AiCPGIDXsPoQUKn%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

95.101.10.152

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=HHl45LBqBPgRCysh5qJRXQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=c%2fdVtUDWMER8o6TKLvfNYg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

95.101.10.194

200 OK

151 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
151 kB (151130 bytes)
Hash
0e199c8a2afe69c8be78f57d1a06cce7
08bf5fa6f2a43292862b6c87da61ad376caefbf3
59272d0eb4556d5aa00a610801fe52a96662fa4956ed18a995e4b50360ead31f

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6369c7b6-172f"
Last-Modified: Tue, 08 Nov 2022 03:06:30 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:16:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A4vUI96EAQAAKDRmct7DLXYU9RWX-TPOaXwNpkl_2UkQov1OWk61C7mEL1_eAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|d8383113d2603855698c6d42572ed5e20b8c25ac; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=+brkhGZ7ObhhAWNmzPvrHIkKWqYOZ08xFUdJizGJZZJSEoL3BnpGJOPT1qgCoIF%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:40 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=2jjpivUD+XFNFOXSdxAXKg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.474b8abaa4011f6d1861.chunk.css

95.101.10.194

200 OK

23 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.474b8abaa4011f6d1861.chunk.css
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (22810 bytes)
Hash
e925513b14cc5287268d791e5186f2db
63ed2725c5f2c9d312763395b82aecd496536cc4
a2b6ba21b3d0e3291226ddb9a63af8a29ea45d997f1e33b9f1ed459c86e1eb40

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/main.474b8abaa4011f6d1861.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 22810
Last-Modified: Tue, 01 Nov 2022 17:24:00 GMT
Vary: Accept-Encoding
ETag: "63615630-591a"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=F84mF9ZTULKvBr8ipPjOdA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569

95.101.10.152

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+8Jq2KkI+ro5H9TKXnu3rw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a97c490a5f57669e4779f159c4dc7c2e
a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc
440bae73a0f989f36ec69b72d2cd21fab3637efc498af4a5e77d74a55ea7fca7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 01:42:53 GMT
Expires: Sun, 11 Dec 2022 01:42:52 GMT
Etag: "a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc"
Cache-Control: max-age=548170,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774630f52f281c12-OSL

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.a10feec95c706c7622ce.chunk.css

95.101.10.194

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.a10feec95c706c7622ce.chunk.css
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37175 bytes)
Hash
6b223f2a2042495f2ae0e100fbee5e56
0e8039397d7e1261e8be70a3cc176f2e69a055c3
ff5708f9e1596bd5699f3581ebb6df1f4e1d1dd17cfed38024cd34ec7a74c3f4

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/wfui.a10feec95c706c7622ce.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37175
Last-Modified: Tue, 01 Nov 2022 17:24:00 GMT
Vary: Accept-Encoding
ETag: "63615630-9137"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=2v90LIKAEdRHEIKD318TVQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea%3A1&_cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a&pv=2&f_cls_s=true

95.101.10.203

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea%3A1&_cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a&pv=2&f_cls_s=true
IP
95.101.10.203:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
d5c9c3e1ff268d3e1b021f9933370686
c202a0751909c10d20595bea8d574f3c53a1d77f
36e8b394d27036c8f3e63cc0715a6ff0b5ab7709325932ec6329971ce55d5660

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea%3A1&_cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; Secure; SameSite=None;HttpOnly;Secure
_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!MIU8iobYEEWNkGYR0YpcGl4FPg9joXf3xkvgAhjsBl7gqBD/cctu/n1Wql9/ye5zvw4O6L6iJq5A2A==; path=/; Httponly; Secure
DCID=aFIQipQbK3TjRpRJmAmCqFB8mZ2pjBUBfWZXfDh8Z+x8qoHyzemv4eBwSc9veMZk; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.29e4788f2cfe76a24f62.js

95.101.10.194

200 OK

3.6 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.29e4788f2cfe76a24f62.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (7300), with no line terminators
Size
3.6 kB (3644 bytes)
Hash
1e7b7bc2faf9ddec913fb6dbcd09efea
4c39ec1469e86b2d6db9e36872a9173383fdae78
d85d6e6a7093cfed80ef8808cb1e3d9a61db19d8508e118da57852c9baf3db65

HTTP Headers

GET /accounts/static/7M/accounts/public/js/runtime.29e4788f2cfe76a24f62.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: W/"6372958c-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3644
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=vTxZcD0QKlEjG6xDvZZhsz2bpgsngEklzQ++y75ROMG2dtBIUu5fs5%2fp3%2fC20BnA; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.131.129

200 OK

175 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
3fa8a8dd787591ceab7eed6ee3fdccf9
63ef721393a9096d659a9dbcec825f4205c33037
1594c6ace1c806ba1a9551fd9beb3d9b58fc9bee829dbff71902cfe45b0d05a5

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------67725171833926265831171431929
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Content-Length: 169
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:7$_ss:0$_st:1670175997317$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=b%2fMWUz06FWvLRgNJwvMSwWqGQY94GreY4nlu8qXWbpxgc6RDEnRIEYNHWvGq0Nra; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
_abck=32C8F8EED88DB6CF2E881BFC1D45FF2C~-1~YAAQMa7dWNcUf3WEAQAAhNYj3gkRJVlG6n0bABThK9UFY0ZsgG6y+S2Mm5DnHtExfMmz006Pfj/om31zeWJfQeMT55YI+W3P++UoKzl16eD7JdWeOYZWssElwkOdCTJjf6Maq+jKUH3dQjLQWMwBLk2CT0R9wvKGsbZA8w8Da7eVpU624Qn/j4qtcQu5kx1pfDuTAdvjqis0AmjARzWyOCpDFk4ZZpi6xW7iVJvderGj768p5UX0UiGA/wOCBfX2vTb/Q2tIe/rQGh4YMvzdy8J54IiQbfnBjXU9XlHge7S0IBCL/nV4BNIt7Yj5aiIRrDTZ0GwjKNGdnpyURzXwq9xRQkaWDlJ4LzWppHtdar9VXJsDZgHOn39ksI4z9NIcQw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:41 GMT; Max-Age=31536000; Secure
bm_sz=509403E264083D762056A84D4136678F~YAAQMa7dWNgUf3WEAQAAhNYj3hIIvM6Yy2dvzvPxTX0G3rPAQ31H2wrQv8AZ1DGzDOm/zv8GfT1z7K9IHIh4QiKIMz0LVmTngLiFjWg5MNZQd3zm7S6OPYIR2P7xR6TKXB8H/qHR5hn0z5aoe5tVn9XT4/kRlEdCnAYg8uKDZqTM8zpdP/KJS7SUZioXO6/XSXUeCv8X6UOJiPRsPIYBcAMyWBGqNv+xLnrFB5wq+M7jtK6E6v+lMZVpco+cBfIZY+S+I+v/vR4LEMEV0BQY8KpgjK9Q5p2Pqp31v62/k+hkta57efao~3618630~4470832; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:41 GMT; Max-Age=14400
X-Via: 1.1 bl21:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32863

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198908&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198908&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198908&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=55n%2f+BVwKjhBC5CT5cbakuPp7EeCtdes5dYOrgPs6AL4YWQ8CtzIEG1u5gJy6Dxk; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14484-3819

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.2b02911676d4125b4453.chunk.js

95.101.10.194

200 OK

365 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.2b02911676d4125b4453.chunk.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (65439)
Size
365 kB (364972 bytes)
Hash
db2d951851111099d0b1d41a96e96e7d
21c16602937154772e851a518480db96b3ea3de0
b15fc7e3a585705c0171abf000b5df1846b2cbed0f5871d3a4dda39d6dee9508

HTTP Headers

GET /accounts/static/7M/accounts/public/js/vendor.2b02911676d4125b4453.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 364972
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: "6372958c-591ac"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Fg7SWQcxWVaW80PaMc3fy2k6uFfMTWeFjx9oW56I5PljSFOfRfY1PbnPW8sNY2cN; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.4856c00bca7b11d138e6.chunk.js

95.101.10.194

200 OK

310 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.4856c00bca7b11d138e6.chunk.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (65446)
Size
310 kB (310426 bytes)
Hash
76d01c51742efeae9f4202180ecdb404
a08317d6ee581ea7bc9d5510fc575a32d824ab93
bf7773850b24ec98357d76540fc7ec792794a857727d2fc76cbbd56a261a4fd4

HTTP Headers

GET /accounts/static/7M/accounts/public/js/wfui.4856c00bca7b11d138e6.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310426
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: "6372958c-4bc9a"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=rVHkCRMM91uqfXE1f+MkmRWiJpHdXLPr9xdejnyzTYolENH+5tO5DatAq9YvEFrg; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198861&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198861&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198861&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:7$_ss:0$_st:1670175997317$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ZwyiO2z5q+KUuwUDNB88YLSI5m3h3%2fMZKpqYXrGmEffvE2UUvIUYv%2fMaI+jrob4P; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14709-53027

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

95.101.10.194

200 OK

607 B

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 08 Nov 2022 03:06:30 GMT
Vary: Accept-Encoding
ETag: W/"6369c7b6-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ajv4HS8IlmCbvTBQpsOPXHx0L8F7MwwzOgcD2Dcqvzdad2gedRkevncOi2nvse3a; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/ga/ga_conversion_async.js

95.101.10.152

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RBS1k4pCOxhuwG91VXd0fQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198926&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_everydaycheckingrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198926&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_everydaycheckingrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198926&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_everydaycheckingrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=+a3X7HCSNfD2dPKxsRY6%2fZuhyoFDG6QiYh3xrcyVEW3fj+CL9jgBCtJTJNVbrKWe; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14484-3841

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198913&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198913&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198913&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=h8s1STos0PHHY7VxmEqVmcBvOYkCC7h78XWoMa%2fu5QCa1VneN1%2f0O6vappHMofXI; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14239-28281

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/jsLog

163.171.131.129

200 OK

0 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/jsLog
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 166
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-a7a91cf9-210c-4e8f-97ce-ed1c0b1fe0b7' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:199; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b52d3a8b-ee2f-456e-8732-be51a8783ee1; Expires=Sun, 04-Dec-2022 17:17:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b52d3a8b-ee2f-456e-8732-be51a8783ee1|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=13D8B6F18183F933E3FA977B4D51D6F3; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:16:41 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120221204091641494330149; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:41 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Sun, 04-Dec-2022 17:17:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:5; Expires=Sun, 04-Dec-2022 17:17:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:5|d:0; Expires=Sun, 04-Dec-2022 17:17:11 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!MyyRNGycY3vc0JMCM1DtwKm8Wrr896ojxiT3jBJ6cmWhixRCwc/uD/k+hH/2BkByFUPcFf1zioeWNLA=; path=/; Httponly; Secure
DCID=rUTbt7D6WZQvXRdyOvSNlE46TstIgE4E9ARzqMr8Mx%2f0oiUZW+0i7wbOkkl+r74j; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
_abck=F7994BC66697BBC6D381C05BED210862~-1~YAAQIK7dWDyOHdiEAQAAadcj3gkeUGZVFi3wpD8KvcgzW9sbeTTjfDRdGYsYHsmMzDLlv0RShdnmcu3ahBO7vUTF9QPZtrBUcF6Bjndd+9PEatbZ8bWePfvqG6j1O/K9cabWCv7STgSuvAPwqx9/N2IlWej7YOAbreImGakAraj0JPv/HwYvZ9Fy8tnysIsuKtHKxYx+PLXwoTNa6SwGKMyVP+Da4u8Y6N1axq+mPXVTYEiq9mpLD98bsddblPsLECO4o5nWHmjZj1k0X2Qf09fiCrJCm7oq7Pat7jXPmjKUn3EXJcRqWvwp7RoREfYuLw2h6GQDeWLFQdvt7mcNzIV5izwGu9+NZVYgNVyU2K1t8/3B+uS77qYTDRAuwa5Cbw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:41 GMT; Max-Age=31536000; Secure
bm_sz=EB3E418E52E3EAD182F2A2217920748D~YAAQIK7dWD2OHdiEAQAAadcj3hLrUaj0DbgnCc56U6s5rPROcgLUR+Wfa0q/3lZG02WBLvpcfsHpYgZr7BPe9zExLMm7NNu1ggrRdLawdwDwbfy+bkmwE94JyeTIHExgvLg/MJAsBqTIrV4JK004uUErbuN+gX6lMikN4XtK87EoZvPUhePxfLxKAs5bpGlRs4EJoQPXMMF12gKAu8Jfmv9NLXk3pIfAagrdAdFYV1y5Nisccz+4mG1kgcrLE6iKzpzP978WtAOgLG/PLWA2SkewQx607gTaS1WKIXh5P4ljVmLGbh4K~3618630~4470832; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:41 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32885

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198921&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198921&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198921&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=fl4Y09dmO80n6wLSbFY80hutEc8y4F2Y0tG0%2f3f4Iq4eT+HH%2fgfBX2rB6x%2fSGSCW; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32880

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198917&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198917&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198917&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=lpBpjFLODmNZgJfIjHFkEFpDo1B42tU95jw+XOQ0cjM0EvIMWXS7AksSiz5jy2vY; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14239-28282

connect.secure.wellsfargo.com/AIDO/glu.js

95.101.10.194

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (36991 bytes)
Hash
e4cec902af496a430450eaee5359640a
6bc1f0aea73894c671f7acd102e90350008ec8c1
d826c9009154c5a63120d3268b35a2d4db7eba9afa4f8c91cd3941d58d376dc8

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 36991
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=mVchD13viNY5MNwtgBlp2BNxxVVoUS7d9y89+EuJ7LJwvSvrbA2Wh+VdfcFDyEWM; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
68570b7de13c7dfdf686da25ce10d668
61c1304152f11e6a83c383fff8d5e498c4385e6f
537302c07522f4bf1e766fbb1a8da346f59526715a5fcecd3f6aa4817b6b32ed

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.wellsfargo.com/tracking/ga/ga.js

95.101.10.152

200 OK

20 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=haOReor+E7gyxDSpiFZ0Zg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
68570b7de13c7dfdf686da25ce10d668
61c1304152f11e6a83c383fff8d5e498c4385e6f
537302c07522f4bf1e766fbb1a8da346f59526715a5fcecd3f6aa4817b6b32ed

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.wellsfargo.com/tracking/ga/ec.js

95.101.10.152

200 OK

1.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ec.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bhnJJt8%2fZuQaXM43SEvGNA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198936&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198936&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198936&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=W8weHpXRp5vBmrgrxRhQwi5G0GAIscFarb+rUXnoT1I09vN1detRJxLpeHSocGbX; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14239-28332

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198944&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198944&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198944&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BzdwTALHe9bLflZ83c4w3E37AYA432n1vTLGLiN+Lm5efHOhmwbfEt+sKsHp7C%2fY; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32908

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198940&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198940&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198940&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ediWkMP4OPSCq%2f26lCaw%2f8L1DwlYPASfPx7dp9qle71HyYEWthElSguaT7Zvef9k; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32907

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

95.101.10.152

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
95.101.10.152:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=efMrEX4nh%2f5GTVkycQ4GaA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1&_cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a&pid=774de5fa-2562-4d0e-97b8-38e203cb9759&sn=1&cfg&pv=2&aid=

95.101.10.203

200 OK

969 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1&_cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a&pid=774de5fa-2562-4d0e-97b8-38e203cb9759&sn=1&cfg&pv=2&aid=
IP
95.101.10.203:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4597), with no line terminators
Size
969 B (969 bytes)
Hash
f3f62861b191c56cac5d3ad0d5f43e0f
95de5c861ffe75480dd901b006e741a9c5c17680
112a55e6868ee09689b2963f15f03e7eb471623b9c3f8947912a785a70ae5ff4

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1&_cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a&pid=774de5fa-2562-4d0e-97b8-38e203cb9759&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2838
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 969
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 04 Dec 2022 17:16:41 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=18d2c6f2; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!bA1kaMZeWIQi7tTjbMKMZ0gdoDa2eT2q3pa2wZN03gPVIGULRrACYomnc7zBHK8w80DsEtQ88FHCTig=; path=/; Httponly; Secure
DCID=b2Qtu70m44rgp7VgM514d7pbAbqAaJw+wQjEFIzbaqY%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198933&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198933&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198933&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=vPlphalcmMENM5qsHPbqRhUI2WmJqkBk1K4SHLGfS5%2f1rakBX2c2bROO6kNVFRLM; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14484-3861

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198949&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198949&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198949&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=cHlxxnWGq0LeWQwYF2S%2fWXDjf+MJ+4PwAIf4MATyC1M7avcnEGEuhpMjr%2fMfHDTn; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14239-28335

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198953&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198953&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198953&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:42 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ZfJDHsM3FDzUzX0gFWw41MLtRDvqehBrwUexvAp8DxEAWoyTaej53t8t3IAVb+tp; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14239-28351

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6721920767089669

95.101.10.194

200 OK

42 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.6721920767089669
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42457 bytes)
Hash
342c5a977e7880653957ba4bb5b9f7cd
cd3a5b5c7a5f1ce570adee649b2f86ba51e38730
26d31ad034e644f3e0aa7463cd4ea6ef938d4de0a152a63a3c0a2ed0b6492508

HTTP Headers

GET /PIDO/pic.js?r=0.6721920767089669 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 42457
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:16:42 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=UxlJ%2fZE2WMcRK9VHfrtKPxwh0UinT9ZATR0bMhB9t58oLn5zCVIq2GJoiivUPQhk; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198930&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198930&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&cb=1670174198930&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:16:41 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ZfMIDzuNYw7+6AN0geY6K4IWqO7wIio6rMkDWGMfFndOWUiyfjhQPZtzCUEJIrlb; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14709-53057

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

971 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Size
971 B (971 bytes)
Hash
20b39c2378a8de2efa536f79d005eee5
732f676c9f183cf135a482a8fef5ed78d7a25117
278cc8c6a3d26c135c40c93719ff481a6fc07417201c8a8f82efd550fd04da15

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:42 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-1d82af21-9244-42bc-ac3a-96f3cb123fa8' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:199; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:48fcee16-df7a-4ce7-b752-637f91bf0d80; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:48fcee16-df7a-4ce7-b752-637f91bf0d80|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:92; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=6CFAD4F91FF554187A6144BAE7EBD869; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:16:42 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212040916421821080551; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:42 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!r5Z2LXeN/sQN6QhM7jMSAF8jYk3iBonzCbn19cwokh+rs3iScYLyFRFYxCWxjgf33Knuikc60pgBIts=; path=/; Httponly; Secure
DCID=uhLdY8ofHiedom7Egtjksr6PR1yo3U351eoApkdqiqITeG3Qyyayhm5eFZnaDGCU; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
_abck=96E901A77CB0DA0B0E1AF3401A47535E~-1~YAAQIK7dWEyOHdiEAQAAntkj3gmWBKBNGYlCtR5PWPu+iSgPN3oHoHUob16gda+C7HugdQu0cN8B/z50kUCfqpuAduPOzqGWZKnLq5kknXjhbATZpX/pgD+3LpIglAAdOz7SNBmC0yHfNqr4JRPCfpGlhTUxcKimfiXd2daQShw5GdYIfIdIe9MrHaSm5+HDffBCoc9qopaJoa5Xma1ZMT4qbOTawDiEtYSPJ441spzK+Ha7xG23LXhkybdQmqTwpPFa3qHpdjhTOUJqoHDi82UTKO+7EA7fIEUu7ICI7itBHfMGSNW4DYYQik4XIJ3k6SAqGTht7Gd2qou6tbbrbZrX9+PFaPwt6AaH6OFg2JopkKGDqNDnDTnYmrw+2jgR/w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:42 GMT; Max-Age=31536000; Secure
bm_sz=F3C6F7149BCB072F2465B1BF58F96254~YAAQIK7dWE2OHdiEAQAAntkj3hLM8mmtgbMXY1dxsTb+TGPSOvuuqTa9r/I2wVbGl5oD7PEQDNTeqtYSr+qw0W2glF9CuTMe5dlfxIfg/k8XiyTxbC6gVx0om5D9hVdensV6PSneJO5VesPuHGXxG2hcbrt5ZFYvTxjiXn5v44ga13n2LIVb3ctVOrtDYuOFI7vCn6h0k4ooXsp/Sj7CCOchZPyTBwYdefpryICPJIu3raS5yOlnRorfOS3Tss4eC0H+QmVAwuVd8i9B49i/w8Th+kXxFQcDAlsIadbo8Z7V+nBhQhKR~3618630~4470832; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:41 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32923

connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEByaUxnbFZsVzFDNmhES1prSUdxVHlHTHY5bmE3eGJ5Zk1UT0NQRXFVSFlWU3ptSmI5SUhyTFpLOFdyM1ltOHBFdWpPRytic2pQNGxrRW9UcDNYaWp6aVdJdUliZ2dXTkdXUmRob2g4aS8wYnZkZ0d2ZDJzWTNoSUZBdnBWOHV3aC9yTm1xZS9LOFRsZisxelRiRVM4M2NEL21BVUgzR2g2MG0wUmhoNkxYYTZGeWZQZkE1ay9iTlVzTytoWXFYSEFWdnRnNFg2U1FacFBxMFBqOW5CSUoyclArZzVKZ1I1OWZFemhoU3JzZkFibE1tcFJaUnFGdW03Q2ttTFhYUVQrZXJKUmhuOXZRQVF6WmhNYmsrbjJ1YzZNakIweUN3d2k2N2ZqbVpzPXw1NzlhNDMwYWVkZDYwZjk4ZmY3ZjQ3YWE4NTlhZTgyYjEyZmQ4MDU5MDIxNGI4ZTMzMTMyMmZjYWIxNjI3ZTFhNzc0OGYxZjFhMDFhYjI5ZThmODI4MzFjMzRhMDMyNDQ0ODVmMjM3NGNkYjA1Njk5Yzg0NzBkODNhMDI2NjY2MGUxYWU3YjZkYTc2ZGEzNjYyMzY5ZDYxNTIwYjBiZTkyZjcyODNkOWYyOTNlMzY5ZThlOTJlODQxN2ZmMmFmMWQ1OGE4YjY2NjQ1NmMzNDU3MDg5N2NjZGI2NjljMWY4YWZjOTg5ODAwM2E4N2QyMzBmYzUyZDcxMDczNWU0NGQzN2YwNjIxYzhhYmQwN2EwNWUwMWJkOTFmMzU5MzQ4YzlmMjgyNzg5YzUzZDNlOWMwZTQxZjhkYzQwZTM4NDYxYjk2YjE4ODVkYjY4ODNiNDUxMzkxMzU2OGM2ZDBlMTNiY2FjM2ZiMjdiYzg3MjBjMjc0NmU2MWUxZjcyMTEyMjVlZTZmY2NmOWI3NDg5MmQ5M2U1YmNlNDBlYzQ4OGQ0NTA3YTI1Zjc1YmQwZWJiODRlZjU0OTNjYjg3Mzg1NzU5YWVkMThkNTM0MTQ4MzViMWI2MmQzZDE4MTRiYzExYTFhZmQ2Y2MxZWRlOTY0YWVlNWU3MzliYTkyMDAxMDcxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com&t=jsonp&c=t__w_qdpu_aqxsta&eu=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F

95.101.10.194

200 OK

90 B

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEByaUxnbFZsVzFDNmhES1prSUdxVHlHTHY5bmE3eGJ5Zk1UT0NQRXFVSFlWU3ptSmI5SUhyTFpLOFdyM1ltOHBFdWpPRytic2pQNGxrRW9UcDNYaWp6aVdJdUliZ2dXTkdXUmRob2g4aS8wYnZkZ0d2ZDJzWTNoSUZBdnBWOHV3aC9yTm1xZS9LOFRsZisxelRiRVM4M2NEL21BVUgzR2g2MG0wUmhoNkxYYTZGeWZQZkE1ay9iTlVzTytoWXFYSEFWdnRnNFg2U1FacFBxMFBqOW5CSUoyclArZzVKZ1I1OWZFemhoU3JzZkFibE1tcFJaUnFGdW03Q2ttTFhYUVQrZXJKUmhuOXZRQVF6WmhNYmsrbjJ1YzZNakIweUN3d2k2N2ZqbVpzPXw1NzlhNDMwYWVkZDYwZjk4ZmY3ZjQ3YWE4NTlhZTgyYjEyZmQ4MDU5MDIxNGI4ZTMzMTMyMmZjYWIxNjI3ZTFhNzc0OGYxZjFhMDFhYjI5ZThmODI4MzFjMzRhMDMyNDQ0ODVmMjM3NGNkYjA1Njk5Yzg0NzBkODNhMDI2NjY2MGUxYWU3YjZkYTc2ZGEzNjYyMzY5ZDYxNTIwYjBiZTkyZjcyODNkOWYyOTNlMzY5ZThlOTJlODQxN2ZmMmFmMWQ1OGE4YjY2NjQ1NmMzNDU3MDg5N2NjZGI2NjljMWY4YWZjOTg5ODAwM2E4N2QyMzBmYzUyZDcxMDczNWU0NGQzN2YwNjIxYzhhYmQwN2EwNWUwMWJkOTFmMzU5MzQ4YzlmMjgyNzg5YzUzZDNlOWMwZTQxZjhkYzQwZTM4NDYxYjk2YjE4ODVkYjY4ODNiNDUxMzkxMzU2OGM2ZDBlMTNiY2FjM2ZiMjdiYzg3MjBjMjc0NmU2MWUxZjcyMTEyMjVlZTZmY2NmOWI3NDg5MmQ5M2U1YmNlNDBlYzQ4OGQ0NTA3YTI1Zjc1YmQwZWJiODRlZjU0OTNjYjg3Mzg1NzU5YWVkMThkNTM0MTQ4MzViMWI2MmQzZDE4MTRiYzExYTFhZmQ2Y2MxZWRlOTY0YWVlNWU3MzliYTkyMDAxMDcxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com&t=jsonp&c=t__w_qdpu_aqxsta&eu=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
90 B (90 bytes)
Hash
5c7531a6cb31bbf6f3718d27d25413dc
cd6d17dffeca6d4c566447da81973ee570188bcc
3b9211cc5022f2e4c627afefb89b5e105f203911845bec120c7083cea89b3ef2

HTTP Headers

GET /AIDO/vyHb?d=ZW5jZEByaUxnbFZsVzFDNmhES1prSUdxVHlHTHY5bmE3eGJ5Zk1UT0NQRXFVSFlWU3ptSmI5SUhyTFpLOFdyM1ltOHBFdWpPRytic2pQNGxrRW9UcDNYaWp6aVdJdUliZ2dXTkdXUmRob2g4aS8wYnZkZ0d2ZDJzWTNoSUZBdnBWOHV3aC9yTm1xZS9LOFRsZisxelRiRVM4M2NEL21BVUgzR2g2MG0wUmhoNkxYYTZGeWZQZkE1ay9iTlVzTytoWXFYSEFWdnRnNFg2U1FacFBxMFBqOW5CSUoyclArZzVKZ1I1OWZFemhoU3JzZkFibE1tcFJaUnFGdW03Q2ttTFhYUVQrZXJKUmhuOXZRQVF6WmhNYmsrbjJ1YzZNakIweUN3d2k2N2ZqbVpzPXw1NzlhNDMwYWVkZDYwZjk4ZmY3ZjQ3YWE4NTlhZTgyYjEyZmQ4MDU5MDIxNGI4ZTMzMTMyMmZjYWIxNjI3ZTFhNzc0OGYxZjFhMDFhYjI5ZThmODI4MzFjMzRhMDMyNDQ0ODVmMjM3NGNkYjA1Njk5Yzg0NzBkODNhMDI2NjY2MGUxYWU3YjZkYTc2ZGEzNjYyMzY5ZDYxNTIwYjBiZTkyZjcyODNkOWYyOTNlMzY5ZThlOTJlODQxN2ZmMmFmMWQ1OGE4YjY2NjQ1NmMzNDU3MDg5N2NjZGI2NjljMWY4YWZjOTg5ODAwM2E4N2QyMzBmYzUyZDcxMDczNWU0NGQzN2YwNjIxYzhhYmQwN2EwNWUwMWJkOTFmMzU5MzQ4YzlmMjgyNzg5YzUzZDNlOWMwZTQxZjhkYzQwZTM4NDYxYjk2YjE4ODVkYjY4ODNiNDUxMzkxMzU2OGM2ZDBlMTNiY2FjM2ZiMjdiYzg3MjBjMjc0NmU2MWUxZjcyMTEyMjVlZTZmY2NmOWI3NDg5MmQ5M2U1YmNlNDBlYzQ4OGQ0NTA3YTI1Zjc1YmQwZWJiODRlZjU0OTNjYjg3Mzg1NzU5YWVkMThkNTM0MTQ4MzViMWI2MmQzZDE4MTRiYzExYTFhZmQ2Y2MxZWRlOTY0YWVlNWU3MzliYTkyMDAxMDcxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com&t=jsonp&c=t__w_qdpu_aqxsta&eu=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Sun, 04 Dec 2022 17:16:42 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=HjJkgZnzLg+wuqnRapk%2f+7MtEN1cKcZ9olBeZ7m9Z169nNwem1oHeV%2fa6TCe37hr; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
_abck=838F08302BA4587DD5BA95E280FE5607~-1~YAAQvgplX/eWFIyEAQAAuNkj3gkowWekDfgRwY1xoNmL2hbI6ZR98Qv2y+EfjjeFVfo9YzvE6j5LYqLK52jCnRgmlqXNsu1lVLiflfJRW8pNoUnY9lNHWWTnIejhIif2LDVvhaMaKxZgyAlEs9K7Ls5U/qoBBtwwNrrsrqgcIE8OlUdb65+pM7pRgUQmNgsfleQkUWz/VIHQVT6Y0GqD+ctrzp3e/c6UZmN6NdGa9iSvMKrDoUKCJiipnvDfFiAaTt/olIsHKZk8fzm0dTl+/kJzf5FEJiaivNQbJjt1XSIh0zF1A7kjVEc7cx4qz7w4B3BnY/j4/GtZ7BUmmzwRpJcKzY8j6CsEio7gXowlM8y8NdppijaT8VmG5ufq+ut2bA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:42 GMT; Max-Age=31536000; Secure
bm_sz=DFE4750FA2851FB9F83E4F5854F8ACC5~YAAQvgplX/iWFIyEAQAAuNkj3hK6ax9qOvmruG3RF+VztAa18t3hZUADg4MoaXj+k/l+Q0esdXweBUoV9izPKzGvNm9sJNDqlsNuQsesS+KL2/TtpjSLoBEZ6EUCXGt6uBcRjguaVrLdFikqL1L2C68peQE+VYwDNkvPUpVb/E3rWJtfLNFbTrf1G9lqenzIW45jtVY447SZuEf9ul5HXU3gKWDunX+c6EPTlJ6+v19jbwzkNyFfy2mo00I4ff7JC2PQn986I+Uq6i2T7Xbtbps3VHvlM3Y9/VCKs4uJor3Vmq6+Yh4V~4471096~3683377; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:42 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

971 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Size
971 B (971 bytes)
Hash
e1c07ae1250eb91dcfbe3cc6a99d6d6b
845d2bda046900cf26c750bd560fe70862b91613
3b1f972b49792236be2fae7d81d2508163b97ec50a2a25a447b4c595b1689730

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Content-Length: 264
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:42 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-25fc8c99-aba2-4d1a-b74b-1edbeaddb90e' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:199; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:aeed882d-3073-485b-ba1d-a16f465a4f0f; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:aeed882d-3073-485b-ba1d-a16f465a4f0f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:99; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=AD6D001A6919EBB52C1B969B686684CB; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:16:42 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212040916421744045762; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:42 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!vP720MWpgRFXlikCM1DtwKm8Wrr893YqKQsEWpLHUnjnkHx+CMKGOE3wyNRSzWozlkPspzrU5BlqSww=; path=/; Httponly; Secure
DCID=FrPFr0m5bYOeknRx1%2fhm+nZz4bBMG6pKxi6wKVrGJmkyCK2peC1WlRsPdiR5UGr0; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
_abck=7F0ADAE4ADDC2C4A94EC2FEEDBD61A01~-1~YAAQMa7dWBQVf3WEAQAAsdkj3glgU3DQEWBp6j75Ih1J/ZxI8oB1YQStcCJOhc/rcTxzoRhqiMP9iosHUetldrf5X85oCrR/nwbcBMKZnzBn2n10DnTHmRtcdpQv7p59Qpx6UgxQEoon8mQMqEYK8PxGTLEAjcWrOd93XLEq0FWvRLJQu9Aw1/WugPnFtuhAerIQJ6Y4ZpH3KukcZzZOd0vgDXKcIqXYUzA+GJiVmBBBjxkaUiG8A9hioCRiKMJplXxBNeaI9QCMmdKNyJPotZDtVCHS1BgOo0TgGq8djn/SpElN/qCMv+tN+F/ktlImZCzQb4X5EWFJDGRYeb6iQ+x8dQC0fLAdgPRGbKH5vNuhhynhZ4sxRmW2x+TNObmDaA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:42 GMT; Max-Age=31536000; Secure
bm_sz=C7FF175A585146CAF9A2403AC43CFA46~YAAQMa7dWBUVf3WEAQAAsdkj3hJ1Nfpu0h6mPUuovEkTjJxQCGARdyiqKkRfKq9Oak5W90wiAC/uwEEhaeyj/ZqVPhBU/0NMmjWdMJK5BLLgk6xVL7idumQ+xPUx44/hpCkXe6OnaN8dvgwTdC4VrDJkKpREKCNKgc+YhIshRFHTL7myoVzqYK2HxCVQZxhNVYL0I177aB0plGSYVYe7J0IT6oDAgpCH5PcdHKwzRQl449Hu8LFhv4IqHi2AJ5Ykw1zK6mkzNbi7TJvD9Mk6/GLamXkpJWn/xL7gelD9UJJ/SHkf7nIT~3618630~4470832; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:41 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f9_bl21_14229-32926

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

966 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Size
966 B (966 bytes)
Hash
ae3a0eacb52ac442f21e7a434ddae01c
68684188e3bba2961b1f401110def0adb8860e94
be8b8a1f3e949909d01cc82c29811177a9feaa0cf207a2baf89b34d1b5733e15

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:42 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 966
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-f9551f5d-7c03-446d-86e5-a71b322e1ea6' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:199; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b5ecf390-c4c9-4f02-ad62-73504032a1b5; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b5ecf390-c4c9-4f02-ad62-73504032a1b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:97; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=B99678025084CEC14D4B3DB65B07CF71; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:16:42 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120221204091642991669721; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:42 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!zVU1OEEYFFQOYbwCM1DtwKm8Wrr892sQzHQ5gDt+ONRUGNXpHy3S+RAYU3u7zDCsiFN1eBVrfLQ05os=; path=/; Httponly; Secure
DCID=d+dNTacFe9fS%2f7EBeGMuYpr0pHn4ATJN0+UYbKPA3NFF4LVa7lC8atGWR5FAz1Ao; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
_abck=03E43C68D794C5B5D2977477B7DC6920~-1~YAAQMa7dWBcVf3WEAQAAudkj3gnDFSG9GW1pRuT3IPLHazLmIqW+HXQmWGkcpHMN26G8jbi9xtWR3Zu5/dWe6g7gGlSxjZCexGapuj4REveMW8h2yO7g8Dk8xI8WrfaAM1jUR27TO3f0nPgcgosIhnW2XHWABUhqTuT6iIFXDTeyp4k9fWyn6JJmhgCHY34GphwIqV7Z4+6vd/qN1BWdIRjGuUm1NrlGz89dKNrIlLURCoMRm8JBlqGKq36Qg7N6px1zxFLY2r3vP3YzQS5aXE9gwLb5nKWX2uVqt5h0hM0GfkJRQh3wT+92JMxC32CYzKhH+9QsOSOK049mUDUZTbJZnzLJLAxydNPH96Kgt3Cz9+UkYA36Djv7DwlvyPu8NQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:42 GMT; Max-Age=31536000; Secure
bm_sz=EF926FBCF3BFB8A9B500A991185B3362~YAAQMa7dWBgVf3WEAQAAudkj3hLaEVgnFpZ8/YLdIffTOyxwY+NPiHpBetjycuUbH5rOKE0s1BrKwZXyU/+d6oiSht32evnWdUKslWW68AVIkujTiROXkwcpZTQiqiJhZqY9zQuqka/1QiysPSf+hO44MboTvpn80oLzPUv0mmdQ2Pn8gixFJCAPQDqrVVE1dnPEto/rZdyyUGsr5TUinf5T5qBPnxty7NyUZPHB/viANk+xxB7gEiO5nTz/g6H2gCBNhYZGkYsPEzXHlbJ7XoTzxlw+cX+p02Y7P/MS9lmJot9mpr77~4338736~4407865; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:42 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5fa_bl21_14484-3891

connect.secure.wellsfargo.com/jenny/nd

95.101.10.194

200 OK

17 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/jenny/nd
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2285)
Size
17 kB (17126 bytes)
Hash
61f40782ee07be75f4b0e72c72f51c88
c8e3aecd15e2addcd9e872cf1be55326b94200c1
003d9bbbfa8d30012f0758d01b46103bb2e59790ddc5e9237905aa01f42e8d15

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17126
Date: Sun, 04 Dec 2022 17:16:42 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:a5b66981-3c13-4349-a4b8-c7649dd5f29a; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:a5b66981-3c13-4349-a4b8-c7649dd5f29a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=HKqJdkRrRgBil3fZNJOJBVzolc9oKYZw0t38CsMJCPZnioJFw20VAz95P69KVU4J; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
_abck=640FB9D52547A3D1F1CF23DD682616B0~-1~YAAQvgplX/mWFIyEAQAA2Nkj3gm8luOBJGP6rCLNqBu2U1yDO2B8pz4YrKleI8Y6ZveJDtpnzruEq66j6mEEOvgJrbKaqwqgSMqW6orQSY0zbB7D2vgsR6cPv08Qsj/XTF6U4eDeEjR/x9U2+BvGdy+MT35sYETwJfFNt45JbstFUmAWJQ8ciSdPLpeP2W7NpcJSuG+Ic0MyrPya+ORTqSC8sAQpOcddxpO96eMmugJSlS3zLqVozlA3JeidkO8+AhzZggUrw3hpY/2v9DBsOgLgQm6AUgJiZsCPdA1N1CnXlHU51Jg/0VQmShrnZorj+XK6MFaHaoLSYeexoG2e6gdFaw2wisyMR/XNZ6udYDLtqL4c0VaJ1GYdPndG5CK57g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:42 GMT; Max-Age=31536000; Secure
bm_sz=D76BB37DD3C9A6F30D844DA19E67FA50~YAAQvgplX/qWFIyEAQAA2Nkj3hKNoF7UuNgUcDL0D4+J/X8IcGywiRb4UwFarmxfusEJAJlof14IYqd0PSveZGhZocjgvpyNg2HX5/vj1e/9pkBwMLvGaRpMug54Yfus/LfsBHKYgagTeeVkb9DCDf3ahdYusASSAtrcluSyaRXlfRt1zuybnnTOHkGHe6Dhhw6MDlwW6772SCIcli70jxzJjlifauBgYGdiQ+A3txeBlP8f2LAsG99OMevKSkkevLv49/VaOzBss/2JGW2hxaTFsGZV1o+p0Essz1yq6npVtP+qbc8c~4471096~3683377; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:42 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

967 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Size
967 B (967 bytes)
Hash
eb54df15067ca97bc11894ea34a49ebf
d74cfb3d37d8c50bf999064334820bf0c21c6c84
3d977dce8949bcb8052076edbceb9534ac142aa75195561b5d92263e1ad47d66

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Content-Length: 262
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:199; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:42 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-9fe92f90-e795-4b32-ad8c-3a46c23876a5' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:1785ae0f-097a-457c-a096-4206f6f04561|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:199; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:3f7ba90b-164f-46d8-9fd7-bc6efe2064e5; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:3f7ba90b-164f-46d8-9fd7-bc6efe2064e5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:94; Expires=Sun, 04-Dec-2022 17:17:12 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=BC0656A5F6788FC99FB17022CD1681DB; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:16:42 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212040916421802232944; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:16:42 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!Wi+SR6Njmb47h8pM7jMSAF8jYk3iBjSCxP4CvthjZ5De6PiTxQqn9BfIwfK1fq5Ooj3Ta6i9XkKaJMY=; path=/; Httponly; Secure
DCID=0fABKEpoxP+ivsj1cCH1VKCZrPsoIrCjfs4ADxet91nmuga9fmYKQiMftf7rnmml; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
_abck=C87A2CDB1C3B735FFC04B89230EF229C~-1~YAAQIK7dWE+OHdiEAQAAFdoj3gnDr33HhYXbH0SSehYFpoxMaQCPpfwRyvSaJ8f4ifiK+mpl7ebAUeLpm1S85MBxAbLnKKINyqVy48qX0J1mneIii00NK3/la7JJRnhElyVrWLyDq86TaKmAEbESfs6uLiZbNvUg87x6fEeozhOgY6ztgriLE3H7+cP8HYp8//jDd7x19+YQcHpcVToPhaw2WGAZgb5WM4UC+S1RemoK9u7TFAh1VaSpY5+M4G69QS57ZUhkTFofMYars/1NHCUruhLWy15Y/PQCtOJDdqA4R8AIENszM3iuFwcunJG8gvO0EiIlyuY6FMUT1czwxO0IIEOnhf7IrmuOforYAW02IQ0WzPCFKluN1wOJJLAjBA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:42 GMT; Max-Age=31536000; Secure
bm_sz=BD8C5203012FDE5707EF16A9933A7512~YAAQIK7dWFCOHdiEAQAAFdoj3hJOBRJMK2tc98iYVT/EQ1KdairGPNNMMYF6sMMLD3o4Jpgpnk1skfxiYf9UR3gjtmrCDEwzwRFscjTpNUnmyXGVLceSlJCF8rGWfyqerFummp4BVXsRVxtL3ipfEi7PSaw2K+XLnNCP64OS0qVNJk683K3bftI6U60YVuNyLP5Bk8Vyr0+H/WENacOlwbTS54CEEF8jtWStyGyHmUBNk4yHBx7C83hK1A5ZyRgqN+6fuQ0u5XV0AuZonNj2xzIxPJORuk+LQXxyegPTUvazj8m8exs5~4338736~4407865; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:42 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5fa_bl21_14239-28356

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.9818382768225052

95.101.10.194

200 OK

56 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.9818382768225052
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
56 kB (55566 bytes)
Hash
37d3e6c625b09d8b4cb8aed4e139d8f5
ad8454b91409185f3c8259f9239a56c41fd5a7f4
747d56c6eac0af94ba2ed90012c702a79f6c88fd3e5eff4a05bcb8ecec1d7060

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.9818382768225052 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55566
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:16:42 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=EAzDQiRtGakyt0gA2AuwYZovvobzc3BwdXdoVlmIMpHPCwLG1Ypd6+7P0He3NEhq; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:42 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
33002e87ed87cec83ec76bdfe55cb33a
a2dafcefab949833412ab20508096c9974b9e359
f73d30247eb325d9dc9531381224e8942b39b56c264ade1618855f1fad9eda2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3805
Cache-Control: max-age=157663
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:04:25 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=785073482&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120221204091638483324829&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1843580345.1670171739&z=1181974306

142.250.74.14

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=785073482&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120221204091638483324829&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1843580345.1670171739&z=1181974306
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j92&aip=1&a=785073482&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120221204091638483324829&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1843580345.1670171739&z=1181974306 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 11:01:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 22501
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=785073482&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=Internal%20Promotions&ea=impressions&el=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&_u=yCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120221204091638483324829&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1843580345.1670171739&promo1id=C_chk_everydaycheckingrspv_hpprimary&promo1nm=C_chk_everydaycheckingrspv_hpprimary&promo1cr=en&promo1ps=WF_CON_HP_PRIMARY_BNR&promo2id=C_ccd_findcreditcardrspv_smlprimary&promo2nm=C_ccd_findcreditcardrspv_smlprimary&promo2cr=en&promo2ps=WF_CON_HP_SML_PRIMARY&promo3id=C_mtg_prequalificationbrspv_smlprimary&promo3nm=C_mtg_prequalificationbrspv_smlprimary&promo3cr=en&promo3ps=WF_CON_HP_SML_PRIMARY&promo4id=C_oth_collegestepsrspv_smlprimary&promo4nm=C_oth_collegestepsrspv_smlprimary&promo4cr=en&promo4ps=WF_CON_HP_SML_PRIMARY&promo5id=C_ccd_tk1activecashlaunchrspv_lpromo&promo5nm=C_ccd_tk1activecashlaunchrspv_lpromo&promo5cr=en&promo5ps=WF_CON_HP_LRG_PROMO&promo6id=C_oth_lifeevents_smlpromo&promo6nm=C_oth_lifeevents_smlpromo&promo6cr=en&promo6ps=WF_CON_HP_SML_PROMO&promo7id=C_oth_homepurchase_smlpromo&promo7nm=C_oth_homepurchase_smlpromo&promo7cr=en&promo7ps=WF_CON_HP_SML_PROMO&promo8id=C_oth_retirementplan_smlpromo&promo8nm=C_oth_retirementplan_smlpromo&promo8cr=en&promo8ps=WF_CON_HP_SML_PROMO&z=1879072396

142.250.74.14

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=785073482&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=Internal%20Promotions&ea=impressions&el=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&_u=yCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120221204091638483324829&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1843580345.1670171739&promo1id=C_chk_everydaycheckingrspv_hpprimary&promo1nm=C_chk_everydaycheckingrspv_hpprimary&promo1cr=en&promo1ps=WF_CON_HP_PRIMARY_BNR&promo2id=C_ccd_findcreditcardrspv_smlprimary&promo2nm=C_ccd_findcreditcardrspv_smlprimary&promo2cr=en&promo2ps=WF_CON_HP_SML_PRIMARY&promo3id=C_mtg_prequalificationbrspv_smlprimary&promo3nm=C_mtg_prequalificationbrspv_smlprimary&promo3cr=en&promo3ps=WF_CON_HP_SML_PRIMARY&promo4id=C_oth_collegestepsrspv_smlprimary&promo4nm=C_oth_collegestepsrspv_smlprimary&promo4cr=en&promo4ps=WF_CON_HP_SML_PRIMARY&promo5id=C_ccd_tk1activecashlaunchrspv_lpromo&promo5nm=C_ccd_tk1activecashlaunchrspv_lpromo&promo5cr=en&promo5ps=WF_CON_HP_LRG_PROMO&promo6id=C_oth_lifeevents_smlpromo&promo6nm=C_oth_lifeevents_smlpromo&promo6cr=en&promo6ps=WF_CON_HP_SML_PROMO&promo7id=C_oth_homepurchase_smlpromo&promo7nm=C_oth_homepurchase_smlpromo&promo7cr=en&promo7ps=WF_CON_HP_SML_PROMO&promo8id=C_oth_retirementplan_smlpromo&promo8nm=C_oth_retirementplan_smlpromo&promo8cr=en&promo8ps=WF_CON_HP_SML_PROMO&z=1879072396
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j92&aip=1&a=785073482&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=Internal%20Promotions&ea=impressions&el=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&_u=yCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120221204091638483324829&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1843580345.1670171739&promo1id=C_chk_everydaycheckingrspv_hpprimary&promo1nm=C_chk_everydaycheckingrspv_hpprimary&promo1cr=en&promo1ps=WF_CON_HP_PRIMARY_BNR&promo2id=C_ccd_findcreditcardrspv_smlprimary&promo2nm=C_ccd_findcreditcardrspv_smlprimary&promo2cr=en&promo2ps=WF_CON_HP_SML_PRIMARY&promo3id=C_mtg_prequalificationbrspv_smlprimary&promo3nm=C_mtg_prequalificationbrspv_smlprimary&promo3cr=en&promo3ps=WF_CON_HP_SML_PRIMARY&promo4id=C_oth_collegestepsrspv_smlprimary&promo4nm=C_oth_collegestepsrspv_smlprimary&promo4cr=en&promo4ps=WF_CON_HP_SML_PRIMARY&promo5id=C_ccd_tk1activecashlaunchrspv_lpromo&promo5nm=C_ccd_tk1activecashlaunchrspv_lpromo&promo5cr=en&promo5ps=WF_CON_HP_LRG_PROMO&promo6id=C_oth_lifeevents_smlpromo&promo6nm=C_oth_lifeevents_smlpromo&promo6cr=en&promo6ps=WF_CON_HP_SML_PROMO&promo7id=C_oth_homepurchase_smlpromo&promo7nm=C_oth_homepurchase_smlpromo&promo7cr=en&promo7ps=WF_CON_HP_SML_PROMO&promo8id=C_oth_retirementplan_smlpromo&promo8nm=C_oth_retirementplan_smlpromo&promo8cr=en&promo8ps=WF_CON_HP_SML_PROMO&z=1879072396 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 11:01:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 22501
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 04 Dec 2022 17:16:42 GMT
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=785073482&t=timing&_s=3&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&plt=3187&pdt=2&dns=0&srt=559&tcp=530&dit=1959&clt=2015&_gst=4000&_gbt=4196&_cst=2060&_cbt=3788&_u=yCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&gtm=2ou8g0&z=924042197

142.250.74.14

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=785073482&t=timing&_s=3&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&plt=3187&pdt=2&dns=0&srt=559&tcp=530&dit=1959&clt=2015&_gst=4000&_gbt=4196&_cst=2060&_cbt=3788&_u=yCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&gtm=2ou8g0&z=924042197
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j92&aip=1&a=785073482&t=timing&_s=3&dl=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&plt=3187&pdt=2&dns=0&srt=559&tcp=530&dit=1959&clt=2015&_gst=4000&_gbt=4196&_cst=2060&_cbt=3788&_u=yCCACUALB~&jid=&gjid=&cid=1843580345.1670171739&tid=UA-107148943-1&_gid=1131569450.1670171739&gtm=2ou8g0&z=924042197 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 11:01:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 22501
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670174199470&cv=9&fst=1670174199470&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1

142.250.74.66

302 Found

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670174199470&cv=9&fst=1670174199470&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/984436569/?random=1670174199470&cv=9&fst=1670174199470&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 17:16:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1670174199470&cv=9&fst=1670173200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=312689857&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 04-Dec-2022 17:31:42 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
33002e87ed87cec83ec76bdfe55cb33a
a2dafcefab949833412ab20508096c9974b9e359
f73d30247eb325d9dc9531381224e8942b39b56c264ade1618855f1fad9eda2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3805
Cache-Control: max-age=157663
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:04:25 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-user-list/984436569/?random=1670174199470&cv=9&fst=1670173200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=312689857&resp=GooglemKTybQhCsO&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/984436569/?random=1670174199470&cv=9&fst=1670173200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=312689857&resp=GooglemKTybQhCsO&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/984436569/?random=1670174199470&cv=9&fst=1670173200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=312689857&resp=GooglemKTybQhCsO&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 17:16:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3204904932549;gtm=2od8g0;auiddc=389735399.1670171739;u1=1120221204091638483324829;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1843580345.1670171739;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F

142.250.74.130

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3204904932549;gtm=2od8g0;auiddc=389735399.1670171739;u1=1120221204091638483324829;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1843580345.1670171739;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3204904932549;gtm=2od8g0;auiddc=389735399.1670171739;u1=1120221204091638483324829;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1843580345.1670171739;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5w49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 17:16:42 GMT
expires: Sun, 04 Dec 2022 17:16:42 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.131.129

200 OK

164 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
164 B (164 bytes)
Hash
c94760c9c8fa6cd19f01b071a1efada1
6b353c64479ea9775014da5b13ad75286feef193
68102fd933ebf931171fa40e077f8e15ab0a3e70083491aa63c6271365f2ea53

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2038
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtONc9S6CrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22aUFuaHBTNGxraGdXUXU4SA%3D%3DTxCfu7TT-1X_I0cfubk8Zt5P8XKJj2kPxkAzTLoBlTVVjr9CmYGg0uf7Avzw1xA1EHXpQdKwgXGmBhRwTBAIx2iaVPB8OmSLGOI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1; ISD_WCM_COOKIE=!Wi+SR6Njmb47h8pM7jMSAF8jYk3iBjSCxP4CvthjZ5De6PiTxQqn9BfIwfK1fq5Ooj3Ta6i9XkKaJMY=; LSESSIONID=eyJpIjoiZXptUm5HZ2ZLb1FNOHl0cEREbEtOdz09IiwiZSI6Im5iZThUUFwvQkR3Tmcwem1NZGZxVHR0d0o4cjNiZm1RWXFpTXA5VUpWaml2bG9VbGpka1pNdlJjK2V2ZXFnOVJuZ0RFRzE5NkxPTnFFUWxSQkxwRXZtd1RLbUhHaVJQRk44cXM3VkpIQ3NiOVNqWDVmZkk0dEd2U1Zubm1XXC90aTZqSEVuVnBcL29DNXV0U2JnaEVMdDdsUT09In0%3D.50c1782af6b89cdf.YTRmMmMxMzljMGE2OWJjNzAxMmMyMjZhODliZmJlMDQxNGU5NzllMDIxYWU1ZjQ3ZmZlZDUwMGMwZjQyOTk5Mw%3D%3D; ADRUM_BTa=R:27|g:3f7ba90b-164f-46d8-9fd7-bc6efe2064e5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:94
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 164
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 23
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=2XB7JWG7Zwf6ruu+XnvUrLKPFfd633mwxjMBvgOYnw+uLhlzE127kqyPYlt8X%2fSd; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:43 GMT;Httponly; Secure
_abck=60FD9E4ED5B472BF7CB60F0873DBAA1D~-1~YAAQIK7dWGiOHdiEAQAAmt4j3gnUzEWPV3Jx/5CdFGYlO+LA6AD3S96wYESgbqIM+1MLT5VP9SWaPD5oQb+/oZ/yROrWdkv7ReOUmm0d+C6xCT1GJDSmyAbX5XAQbLiwsFRX83JaFqmCMybQovCWQlqUaK0ylz/kihz4V9abijyCYP3uRVTS4j4G33uctKPqdZr/u0F9nG9t+gGj+u44/pxvzGA1KhcjaqpbxqArFYGdnlxvT8qOiPMKOzraBuNJPSgz39UskUNBU2EJ8IdreYAJMhOnVizGYqWp2vRhWNyHz4piH6rJWPlGovFcGUL32ZmvOKBHexuCk5TR0eKx9e/sLnz2CKiHXmlTqJeeAlh811KPZw3NUm2RXiM9wez8nA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:43 GMT; Max-Age=31536000; Secure
bm_sz=319B11239028A9369E96E38D81DEA2C0~YAAQIK7dWGmOHdiEAQAAmt4j3hKje+ljcQcvvprYB71LiXenpK4/GucM+KxJrskRO91LpYdi7rEYclBgGClRq9rNGks9LIL2l1I8PZ17Lhoi0DMQxUiGbSft8zKQm5qupgcSBwBzl+JQjeljt4CGvTYg+JTuzqNrViT1h3CF+Kt4XdrfT0NCpL98+tFUMtPiFLQKGWG5foCuV3t4EOMtDY5MBcYArGuryIdk/DCJwfQYEQ9lKbIitq+dI6Di82Bb0r25vpDN+8AofSN+2d2rKnmUrCPY1ZqHy6UGNorXp41Y857gH5b7~4340025~3687477; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:43 GMT; Max-Age=14400
X-Via: 1.1 bl22:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5fb_bl21_14229-33027

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ddb75db50c854f27d611cadc8e6b000d
551a1af8c8015ab2d3baf689507c0e7a841bace0
13a0380063c5aef81673be073e9a452f8ae3e955201193e16cffb95561823e2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4449
Cache-Control: max-age=87731
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:16:43 GMT
Etag: "638b784d-1d7"
Expires: Mon, 05 Dec 2022 17:38:54 GMT
Last-Modified: Sat, 03 Dec 2022 16:24:45 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.131.129

200 OK

265 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
6ed2f4ff1c379ee60301e9fcf883a3a0
5291fad2ddb98549c4856db278e675f552965473
6045c04417163f1d6358e840c351ca632e994582cb5ae53f35bbe633f85d818b

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Content-Length: 1424
Connection: keep-alive
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:8$_ss:0$_st:1670175998895$ses_id:1670171736608%3Bexp-session$_pn:4%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtONc9S6CrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22aUFuaHBTNGxraGdXUXU4SA%3D%3DTxCfu7TT-1X_I0cfubk8Zt5P8XKJj2kPxkAzTLoBlTVVjr9CmYGg0uf7Avzw1xA1EHXpQdKwgXGmBhRwTBAIx2iaVPB8OmSLGOI%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778998%7C6%7CMCAAMB-1670778998%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-719121218%7CMCOPTOUT-1670181398s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; SameSite=None; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_s=25e6becc-b3cd-4d32-b2fb-75a6a5de11ea:1; ISD_WCM_COOKIE=!Wi+SR6Njmb47h8pM7jMSAF8jYk3iBjSCxP4CvthjZ5De6PiTxQqn9BfIwfK1fq5Ooj3Ta6i9XkKaJMY=; LSESSIONID=eyJpIjoiZXptUm5HZ2ZLb1FNOHl0cEREbEtOdz09IiwiZSI6Im5iZThUUFwvQkR3Tmcwem1NZGZxVHR0d0o4cjNiZm1RWXFpTXA5VUpWaml2bG9VbGpka1pNdlJjK2V2ZXFnOVJuZ0RFRzE5NkxPTnFFUWxSQkxwRXZtd1RLbUhHaVJQRk44cXM3VkpIQ3NiOVNqWDVmZkk0dEd2U1Zubm1XXC90aTZqSEVuVnBcL29DNXV0U2JnaEVMdDdsUT09In0%3D.50c1782af6b89cdf.YTRmMmMxMzljMGE2OWJjNzAxMmMyMjZhODliZmJlMDQxNGU5NzllMDIxYWU1ZjQ3ZmZlZDUwMGMwZjQyOTk5Mw%3D%3D; ADRUM_BTa=R:27|g:3f7ba90b-164f-46d8-9fd7-bc6efe2064e5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:94
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:44 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vNPCD6TOn4z+ORo1ctTKNFn2zXw7kMpPcCtMDW2eso88aHFXgv6yKTgYNDmeLs3G; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:44 GMT;Httponly; Secure
_abck=757B37540577B17499B95B3DCB565B82~-1~YAAQIK7dWHqOHdiEAQAAjeMj3gnO/NDCxDejbKpHwCkK7tSr9ylQ2qewah0aeR8yP/pNUJe5h6D0ruN4enQWY6R8u4Ue23gaXEHQL1526Gg2YbMoaiV5dbUsoYrzl5TpIFnLEinTQg1CVNCWb8wlaKnJu53NtlQ1mwIzv6qMcqjYE2JkPafX/37nWKLLchVBaGgH3TE3NP16yRTaulRG8kqv4Z/wXxG96cPsqSOA59q+midv90GZIkVoijBlMcfHBGu0wkDfZKYva9JJxVpnPclUXV1bNPak7J76El6ycEIG2jqmdAYtFdJBNsNtoiiXxr6Qzjea0YBWh+nYCL7Zzp//IzozroQb/mDtxjIPpWguHYkyT1HR8DuXUARu4Ifs+Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:16:44 GMT; Max-Age=31536000; Secure
bm_sz=FE44016A58BDEC1FF1A4B3E3A9A902A3~YAAQIK7dWHuOHdiEAQAAjeMj3hKk03w1S19EDbfv22uWAXYRLxY8peKgJqTglQ3FzgWdGjbXxXh3OE6kakeyXihw9euhJ2oRpKOKndmAJ75ACzncu3tI+CyXH4DF7W+G2eTTes8ULDrut54db4atwAeFL0BSe5WysitVhOV+gpvYJmf83iOd59lnk0eK4ALBLNAb/UeqYMB+YNd7CB/igH/6uuJ0DB6gOBO7sF5HXeJLYFmp89FnFcIggD+seTyTO3g/QOEDuKdrfk63M0/nMjSCPklnp3InXP/wTbygYBLLxfph2YnM~4408641~3553347; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:16:44 GMT; Max-Age=14400
X-Via: 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5fc_bl21_14229-33100

www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q

163.171.131.129

200 OK

0 B

URL HTTP/1.1
www--wellsfargo--com--5w49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--5w49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184ddfe3a1f00d683d6f68a947000050003e00900918$_sn:1$_se:6$_ss:0$_st:1670175957975$ses_id:1670171736608%3Bexp-session$_pn:3%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQIjGKse8kXJ8Cmqogyyo%2BxpK%2FaFi2XdijljjU%2BVrbM%3D%22%2C%22_s%22%3A%22RhtEXqJK%2FCrPLHuhzQ1BmH7%2BF%2BOk6x2j1XsF9wCBqIge%22%2C%22c%22%3A%22Uk10c0xWNGxLN1pQZnFUUw%3D%3DuQQJVkoFxdXSgVYog2iuxB7kB1lKPCXeMXCfsIxlBmRgh2-6Ulr1iMYCqt35GpONF0DqInfXf8SLt29QcErHySys_PJOIvX6wMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22jOwFcbUCYcZLXRk0COftaw%3D%3DiddpG-6nMJr6l1dsxDOuoHwSoTrw9zN_bI2RmNuLEUcJi6_OOgTMSlzbuPoLskHoosXyVFDVGOYLO1pRihIxB0wiJ6rvQ0S1kHoz_l4YpZ1aWUrW84xFhUlSE6FIn-5VKa_rvmK2LlhfkmaIYxJMBkKqVACCsaT8AaaKhWWRXJbjTRUAFbxaOhue%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xmj0XkJ%2Bkk%3D%22%7D; _cls_v=8db8a235-08d2-448d-a9f2-b07096b7c87a; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C69292223251660950920026903601196452734%7CMCAAMLH-1670778958%7C6%7CMCAAMB-1670778958%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-1831438549%7CMCOPTOUT-1670181358s%7CNONE%7CvVersion%7C5.2.0; _gcl_au=1.1.389735399.1670171739; _ga=GA1.2.1843580345.1670171739; _gid=GA1.2.1131569450.1670171739; ndsid=ndsaa0zpqch17unlb9l4pwi; _imp_di_pc_=AV7MjGMAAAAAQZTzL7UKjrmwXoVzr0nn; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:0|g:301e67db-aa29-420d-9cc9-f225abc9769d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:67; ISD_WWWAF_COOKIE=!S3wTi0VsavPaJfz3y5H3Mr4eY+e13W6jWOkpYmmL3QKtLLqvjkEDM0It0arXd9t93HA68di9s9K5eg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:16:39 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 04 Dec 2022 17:16:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A6bOI96EAQAA5UAysALdklcbhhvzdbYB94grSqVZjKM_hwP04SajM6OKva_MAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|252b734830ad24839f11cfb585086bf7d23ea272; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=R1Ah%2fWHVGlF2DtucJmb2Iu4qOMV%2fbvSCEx30XjgB00JvNVrumGuK4BjEOFMbl08X; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd5f7_bl21_14709-52882

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.22b3d392defe6fff2c92.chunk.js

95.101.10.194

200 OK

0 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.22b3d392defe6fff2c92.chunk.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /accounts/static/7M/accounts/public/js/main.22b3d392defe6fff2c92.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 297443
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: "6372958c-489e3"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:16:42 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9ozfhRzfnBfTZoRioQY+daXAdck1WuczBsV0w95KSn5vMFky2KTAkbZSWHFkQbOh; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:31:41 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

44.239.15.23

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
44.239.15.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 12405
Origin: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 17:16:44 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:eb425d0b-882d-459d-9c29-51e60bf084ec;Path=/;Expires=Sun, 04-Dec-2022 17:17:14 GMT;Max-Age=30
ADRUM_BTa=R:55|g:eb425d0b-882d-459d-9c29-51e60bf084ec|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e;Path=/;Expires=Sun, 04-Dec-2022 17:17:14 GMT;Max-Age=30
SameSite=None;Path=/;Expires=Sun, 04-Dec-2022 17:17:14 GMT;Max-Age=30;Secure
ADRUM_BT1=R:55|i:559461;Path=/;Expires=Sun, 04-Dec-2022 17:17:14 GMT;Max-Age=30
ADRUM_BT1=R:55|i:559461|e:7;Path=/;Expires=Sun, 04-Dec-2022 17:17:14 GMT;Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51

44.239.15.23

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
44.239.15.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 17:16:44 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

44.239.15.23

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
44.239.15.23:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5w49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 17:16:44 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations