Report - www--wellsfargo--com--5e49329d48d6c.wsipv6.com/

Report Overview

Submitted URL
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
IP
163.171.131.129
ASN
#54994 QUANTILNETWORKS
Submitted
2022-12-04 17:17:39
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
16
Network Intrusion Detection
0
Threat Detection Systems
94

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
wellsfargobankna.demdex.net	10546	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	562 B	1.2 kB	34.247.44.49
rubicon.wellsfargo.com	11786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.9 kB	95.101.10.104
adservice.google.no	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	747 B	1.1 kB	142.250.74.162
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	591 B	349 B	31.13.72.36
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
static.wellsfargo.com	12306	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.5 kB	451 kB	23.36.79.27
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	69 kB	34.120.237.76
connect.secure.wellsfargo.com	11812	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.3 kB	1.0 MB	95.101.10.194
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.3 kB	34.247.240.197
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	7.0 kB	216.58.211.3
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	95.101.11.115
ocsp.dcocsp.cn	33518	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	1.1 kB	79.133.177.228
www17.wellsfargomedia.com	76964	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	463 kB	104.110.27.78
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.136.7
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	172.64.155.188
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	1.9 kB	142.250.74.14
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	873 B	1.4 kB	142.250.74.66
pdx-col.eum-appdynamics.com	4816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	1.8 kB	34.211.174.193
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	8.7 kB	93.184.220.29
www--wellsfargo--com--5e49329d48d6c.wsipv6.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	74 kB	704 kB	163.171.131.129

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Wells Fargo & Company

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/target/offers/conversations	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions	Phishing
2022-12-04	medium	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	126 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:49 Times Seen2471 Hash f1b0375ca8995f583d4f31df97c9e172 d901e5604947f5b57d3bda7a78e92cdcef0439ec a6117a82be9fcdf7e808ce5f2a8b37a4b0dc1dd7052feb6088fc72f32503343d Loading...

	static.wellsfargo.com/tracking/hp/utag.js	205 kB	2023-03-08	2023-03-13
Pretty URL static.wellsfargo.com/tracking/hp/utag.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-03-13 03:25:42 Times Seen1 Hash c49f02d7e266f43a86d049fb03ec2e84 81f75202544d483a0ec714ddf4d90470c09f4a72 a1c2d9ec5a1e85656556a423d105950bf1ba6c71324ba02fa3b3358f1cb4bd65 Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/atadun.js	1.2 kB	2023-03-07	2024-04-19
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-19 19:43:46 Times Seen4753 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5031690185095735	88 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5031690185095735 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:13:02 Last Seen2023-03-08 16:13:02 Times Seen1 Hash dae77e1d206b55377d1ec72f2bfcb519 0a56aed72900af20f58f57637b2cb7cf48ff97f0 c2709b7f00da381fe76839c707ec560117f19cfcdbbd624f2db89d2f4eb14a4b Loading...

	connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js	1.2 kB	2023-03-08	2023-03-11
Pretty URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:44 Last Seen2023-03-11 23:20:27 Times Seen1 Hash fa823dda3487ea3a417d3ad5b50d3935 ad04532540057015fc7be77347fbf87667b21d00 f54c913d6ddcd3045d36cc3ea868b9c0bb3a76afd37675cbd60c7825c7a4c8a5 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js	178 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:43 Last Seen2023-03-13 04:06:15 Times Seen1 Hash 5deb588f332291b049ed619e01eb17c1 ce55c2177032ae9964c44587fa759db84102c5be d4ab81c8c717357adca76eef77d6218877c7d039c250c4b6000cce994010e51b Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single	11 kB	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:13:02 Last Seen2023-03-08 16:13:02 Times Seen1 Hash 2ede3e6f5bef2bcbeaca698b4794356d aa929260a18b87180019819cb82145925fe2452e b99b76667a9e9ac2de545f32f39a36f0743a6365fb850ebdfb27fc560e78d0f5 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	199 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-03-28 17:41:48 Times Seen2469 Hash e086f28166bf73bc94e3cd49222ba6b3 e672fcd875785616f34372b6dd2a8245edbd0ca6 268683f78bf540a4628d352b35364a4405e8f1693eaee6a34e081045b1f95e54 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	390 B	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:13:02 Last Seen2023-03-08 16:13:02 Times Seen1 Hash 9b70c5196d5b3e0cb48f107623493c89 c0e1e76a9a1a0b8f003acd3929ffeaf6b16e0045 181e0ee83f1a1fd96577960b2df5ef050696494e0a91a1eeb90d09588e172632 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B	196 kB	2023-03-08	2023-04-11
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:36:00 Last Seen2023-04-11 09:08:30 Times Seen4 Hash 04a155af57d30ccddf08bd3cf302f078 dfbd480be1295fd57c4bd470c57c84ae76c3349e 6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d Loading...

	static.wellsfargo.com/tracking/gb/detector-dom.min.js	440 kB	2023-03-08	2023-04-13
Pretty URL static.wellsfargo.com/tracking/gb/detector-dom.min.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:19:07 Last Seen2023-04-13 08:50:50 Times Seen267 Hash d980391562cb88335867228eb62355e0 ee7af0c08ee43ff66f6bba09c08852f7b3859a42 313c07f6e4facc5730db27563c4aeaad1a86126333d448e47c7b29adb1f806fd Loading...

	static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1	117 kB	2023-03-07	2023-03-26
Pretty URL static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1 IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-03-26 09:22:04 Times Seen2 Hash 17324c64926790e7068528ee285677e0 5f7c9d7694dfa9e92d5ae871cb0ea0cc5b4776c3 79f666407709e82d49c80fc330a5a34952fc56f30de257ccc3ae432d87c6fedc Loading...

	static.wellsfargo.com/tracking/ga/ga.js	49 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4882 Hash 8402e9ebdf9290c018b0617018227681 2d840fcd6c3008d9aca747ba0ce056b496db8e1b 0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	306 B	2023-03-07	2023-04-05
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2023-04-05 02:01:42 Times Seen260 Hash bf7d1aee3b865a6842835bce8c0a0685 c5213d92fbf617eec79bcade5d93355daf5f199f a14e4c94d8fddca88038c337df0f10bc9bc25460c913bdb20c064ac48ca545a8 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q	267 kB	2023-03-08	2023-03-08
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:23 Last Seen2023-03-08 16:13:17 Times Seen1 Hash 9aaff31f7a7fefccebfc2eb1ee5f82d9 50ab2375150a072610b0ec41086a9b19fb379bea 5d024d1f359131763927d2c651b8ee84a1eecd076dd7c1342a5b9828ba8fb256 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js	2.0 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-08 03:26:08 Times Seen4778 Hash e7cf4c458b327ab7ed31e0936ccd404f 970bf05073f91ad6b8f21521f7c9886f71f2af1d 52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js	45 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4864 Hash 5f310e2e2a558d76b916e137aee73462 c7ff0190c9c2c414321211f3863e9e27f32b713e 385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f Loading...

	static.wellsfargo.com/tracking/ga/ga_conversion_async.js	36 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/tracking/ga/ga_conversion_async.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4900 Hash 0a40602db7616a31c9da4548ee920190 878e01cb0c90cb247aabc137327655a6fcffcbd5 6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	252 B	2023-03-07	2024-04-24
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-24 01:46:25 Times Seen2499 Hash 4f6526fc5cfbf8f77c674e5cb40c36d6 94bb860d263ab388eea733a7a0e7fc00717d0637 06249a30772721e1f681be4a0d74c05a58b36a266c273eafdbe86ebcca83aabc Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	691 B	2023-03-07	2024-03-28
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:49 Times Seen2441 Hash 48aed8d68c7d2fffc25f5635f592d555 910339ea378c481f21efced8b39c292816bc2fbd 54900b733cd406a3d2232358c17db394d9c2b5118167fbdf4f769a105635a6e2 Loading...

	connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js	273 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:13:02 Last Seen2023-03-08 16:13:02 Times Seen1 Hash d6a36e23c4bf00c99a62155c1b082ab2 7965dfa3e7c07f76e355caf65822dca6b5de0fbc 9948b744f2edf945ed8817dd1182a25f1e73e909b4fc45b32f57d831b365a011 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 21:20:48 Times Seen37101260 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	connect.secure.wellsfargo.com/PIDO/pic.js?r=0.23494665049642516	78 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/PIDO/pic.js?r=0.23494665049642516 IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:13:02 Last Seen2023-03-08 16:13:02 Times Seen1 Hash d05f19b5c6c5e2ef50f02f63c10d8915 ea1ed9346e48ed287b4afecbcfe2e4d7eecae8b5 7272644536091ad8c8900bf38e533bc1bf980dce5251bafb058461793c794d41 Loading...

	connect.secure.wellsfargo.com/AIDO/glu.js	69 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/AIDO/glu.js IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:13:02 Last Seen2023-03-08 16:13:02 Times Seen1 Hash e4c840b6567d2641f421f0380a158810 744eb7faf4b5e7e32e04aa8f1a4e5a7c7634c6da 622790e51301b2fdcb416c25474e9dc3618c0e63725604ab83cce4040fe689ed Loading...

	static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js	32 kB	2023-03-07	2023-11-04
Pretty URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2023-11-04 00:29:39 Times Seen29 Hash 162100f507af8b50f1406bf3fc405ce5 cf0a2bf9b914710962e0dd7899b93ba5ceb5134d e9a598a5cc23c24a8ecc364ed7413961e416f5e9ec3df513ad9a12cda625a279 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/	114 B	2023-03-08	2023-04-13
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:59:53 Last Seen2023-04-13 08:50:12 Times Seen270 Hash 365ddb72c37cebb912aa0592fee6d67b 4db151969054fda826b478c23c47ca594d1aefdf 3ee0b2776fac2745ea071d2476528f6190f67abe0491ce74aedbb02f2bd7e0b6 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js	538 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:03:38 Last Seen2023-03-13 19:24:38 Times Seen1 Hash 2527531002b85960239d82afa22c7acb 602fb4f7cec1213a27fca1773c78af27678475e4 58020c2639ef4df91190872d5dda8cb517fbdde491cb2fde718916b58f3b57d1 Loading...

	static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js	48 kB	2023-03-07	2024-04-08
Pretty URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-08 03:26:09 Times Seen4875 Hash aeccb854b0a76aa9f478e466c8011b29 625d31cbeb8978cf2419f58d14bba92a42dbb45c 7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6 Loading...

	www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js	56 kB	2023-03-08	2023-03-13
Pretty URL www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js IP 163.171.131.129 ASN #54994 QUANTILNETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:30:44 Last Seen2023-03-13 04:06:15 Times Seen1 Hash 69d78e2cf9a8928376449948d17e716e 32495fc43cfe023a0441b5ac991168db0de39a98 f9dd179ea0ec98ffe4c687564c30584fe4ef8fcdf03347d8f3657eee6958c61b Loading...

	static.wellsfargo.com/tracking/ga/ec.js	2.8 kB	2023-03-07	2024-03-28
Pretty URL static.wellsfargo.com/tracking/ga/ec.js IP 23.36.79.27 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-03-28 17:41:50 Times Seen4661 Hash 0ae62a83927125e9b9dfa97f89af9d3f efb68f49f2b9b6b5567bf26a17015ede289e429d 618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089 Loading...

	connect.secure.wellsfargo.com/jenny/nd	52 kB	2023-03-08	2023-03-08
Pretty URL connect.secure.wellsfargo.com/jenny/nd IP 95.101.10.194 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:12:23 Last Seen2023-03-08 16:14:18 Times Seen1 Hash 2c44a5b3c83ab7fc2938ff8df57dabdc 490d6d4796586090c71b110caa97ad4743523639 aae9746d485abbc1e350b3a88d8326f8b6ee8e58e6bfcac72f1c680aedd52efa Loading...

HTTP Transactions (143)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8296
Expires: Sun, 04 Dec 2022 19:35:42 GMT
Date: Sun, 04 Dec 2022 17:17:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2728
Cache-Control: max-age=151159
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:26 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:16:45 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9384
Expires: Sun, 04 Dec 2022 19:53:50 GMT
Date: Sun, 04 Dec 2022 17:17:26 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 16:20:08 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3438
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: mKjiSNXnongoDshECf9l9vmd/U1gjApxnHfZ+M2eYgQ86ZlbnKxCdVv3QZOwS82OeKMnlg7tUDI=
x-amz-request-id: DXGV0KKMW3CT4YKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 16:47:03 GMT
age: 1823
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 17:17:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.dcocsp.cn/

79.133.177.228

200 OK

471 B

URL HTTP/1.1
ocsp.dcocsp.cn/
IP
79.133.177.228:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
598fdaf985470cd137b72602323b510d
85aae93841e0a7d222d9b689ec5650f0248685ea
4f35c9c40cb6010f2ad4d3c25325c1d760ce8d94f65eac7c11a582866352dd8f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sun, 04 Dec 2022 16:20:17 GMT
Last-Modified: Sun, 04 Dec 2022 14:24:48 GMT
ETag: "638cadb0-1d7"
Expires: Tue, 06 Dec 2022 14:24:48 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1670170817
Via: cache21.l2de2[0,0,200-0,H], cache1.l2de2[10,0], cache11.de3[11,10,200-0,M], cache11.de3[12,0]
Age: 3429
X-Cache: MISS TCP_REFRESH_MISS dirn:12:340205614
X-Swift-SaveTime: Sun, 04 Dec 2022 17:17:26 GMT
X-Swift-CacheTime: 171
Timing-Allow-Origin: *
EagleId: 4f85b19f16701742465661692e

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 17:08:58 GMT
cache-control: public,max-age=3600
age: 508
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2707
Cache-Control: max-age=146072
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:26 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:51:58 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/

163.171.131.129

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Size
18 kB (17763 bytes)
Hash
e2dd34530c607ff3a247d54c0b511865
b4afe0367b113c8dc0d2a3071c4900b990203bd4
31f3b3a58a8f7600c893d44f3c4d91deeb5038f573cc5ea8d2a9b5c1c6474308

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17763
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-5e515916-7f96-42f7-9c60-6f9c3bdffd9b' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 21512 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f; Expires=Sun, 04-Dec-2022 17:17:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sun, 04-Dec-2022 17:17:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:65; Expires=Sun, 04-Dec-2022 17:17:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202212040917261543587553; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:17:26 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; path=/; Httponly; Secure
WesdAksn=A2KHJN6EAQAA2WEugFFStrHG4reBpOtBIJV3dksCD7nkeKXpfzj8HtpAZTp-AaOrg2CcuDv8wH8AAEB3AAAAAA|1|0|477697d6c441dec65db8869d8a0a0612a5130eed; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=2PdCNhxuq83+QGh3ebxHZDp8acoMx4YaodVnMrTPzb7igaNGoySn%2fxfpE%2fk+UkOY; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:26 GMT;Httponly; Secure
_abck=F57CB120F02D2FA3E1CA6BFD89496559~-1~YAAQIK7dWKiRHdiEAQAARYgk3gmWRhrWZ/sg2iwp2m9GkvikM8ZkuLYCYkYd9gqscMNzS/Pjhw/fvwuHMQwYtCZIlBlRG2Wp1V1E4gyFAYsNjFw+BZTNphwbaxLn7sQJvqFehmqbCK9kCMeaLwUhWbJsjc4xf5DKSZ/QWs0dlceXrC9K1isb/TkNs8OizKQCebFRSAACSIDMab/39pSnQ5o/IfHpdL/cULxm4I2xtH3VinkIggwBbqOL3baxiLtquZf6owQJlhRXtALGidvCW/DadsB6h/G+DKNl6kmHXXVpurguym3IpP0tRQgr6f2f2vEXqO7hMk3XExiuObp3LyUlDxw7l0lZ0Q1pSP2GUkzSbOrk5MBTb0f5v36Zyx539Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:26 GMT; Max-Age=31536000; Secure
bm_sz=F8FA2B2500957E3F105B90C73D23941C~YAAQIK7dWKmRHdiEAQAARYgk3hIvKZBx/I53MTjaksZnbL0B481Q1mLMS7bt/o/VwO0p76/9hIFPN8DakuFcqzdiqZ/S0ulZkdD8fM3j8yOSlSClx5xnYHR0JM9HXcEVU1wgAbtYLug/DFgJFy7LCvefC5heunBmjslUIiHBjph4TObwZfYDXxs/FoV2BnIgdENjH2L2mMwflFhfrfxk1Hg11srvRteGkr3uzuQUNbmcp5vn3sAs3+D6ryXeKD/6Il8m8wlCvPxMprSr4C2gR40BWzHy2Q2ttNEt+Db/FDkgch3Nz9kW~3687749~3621433; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:26 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd626_bl21_14454-47836

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0916e9b925325c11254232ad4cdf6cec
def537535bf7b923a7b0dd3ddd08f9abab88a03a
6afe957dbca140e9c78bce87bd43087108f9672b8627f8e58d51cf32d3dae4bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1043
Cache-Control: max-age=139065
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:27 GMT
Etag: "638c4e4d-1d7"
Expires: Tue, 06 Dec 2022 07:55:12 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:49 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0916e9b925325c11254232ad4cdf6cec
def537535bf7b923a7b0dd3ddd08f9abab88a03a
6afe957dbca140e9c78bce87bd43087108f9672b8627f8e58d51cf32d3dae4bf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1043
Cache-Control: max-age=139065
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:27 GMT
Etag: "638c4e4d-1d7"
Expires: Tue, 06 Dec 2022 07:55:12 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:49 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js

23.36.79.27

200 OK

901 B

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (1952), with no line terminators
Size
901 B (901 bytes)
Hash
5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef

HTTP Headers

GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sun, 04 Dec 2022 17:17:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MzGypE7%2flZ3DxxLFeWFS5w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png

104.110.27.78

200 OK

1.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.7 kB (1710 bytes)
Hash
c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac

HTTP Headers

GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1607827
expires: Fri, 23 Dec 2022 07:54:34 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png

104.110.27.78

200 OK

562 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
562 B (562 bytes)
Hash
dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1793198
expires: Sun, 25 Dec 2022 11:24:05 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js

23.36.79.27

200 OK

11 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (31790)
Size
11 kB (11076 bytes)
Hash
6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a

HTTP Headers

GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Sun, 04 Dec 2022 17:17:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=HzC4eu4mzROxI8wtLm2Whw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png

104.110.27.78

200 OK

1.0 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.0 kB (1004 bytes)
Hash
2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1690728
expires: Sat, 24 Dec 2022 06:56:15 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png

104.110.27.78

200 OK

2.5 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.5 kB (2496 bytes)
Hash
e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec

HTTP Headers

GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1845885
expires: Mon, 26 Dec 2022 02:02:12 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1344 bytes)
Hash
20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=1380339
expires: Tue, 20 Dec 2022 16:43:06 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg

104.110.27.78

200 OK

35 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (35078 bytes)
Hash
b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386

HTTP Headers

GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1674253
expires: Sat, 24 Dec 2022 02:21:40 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg

104.110.27.78

200 OK

52 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
52 kB (51474 bytes)
Hash
67a063a06589a4e40465cffe34adf460
83bd779eab37f708db097c28d9eb4295c3ebdc13
e037cf255bed27ebd83c682b368532fc925848a9ff0e42d97132ac995e43bbdf

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61a7e46d-172e2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 51474
content-type: image/webp
cache-control: private, no-transform, max-age=1690611
expires: Sat, 24 Dec 2022 06:54:18 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js

163.171.131.129

200 OK

18 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (31354), with NEL line terminators
Size
18 kB (17883 bytes)
Hash
59e9efb0258fa77e22ba60cebadda375
14d20bc503649a3b3275eb229e8a965069d74253
7e28a89f68d98388e4f1b5d76b6770fbc175df1c3545d54ba6c67b1abda5b97b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17883
Connection: keep-alive
Expires: Sun, 04 Dec 2022 06:09:40 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: W/"63503394-d905"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 bl22:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14229-36853

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js

163.171.131.129

200 OK

57 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Size
57 kB (57297 bytes)
Hash
bf3200896bd105e86dc947dfa3c7fbf3
f39afea6027114a0d0378fd02736b71ff2f86df8
39472107f9bee2c7bd46249baa5b90c51bef93f866685c418f2a9b7175d5ed64

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57297
Connection: keep-alive
Expires: Sun, 04 Dec 2022 17:47:27 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: "63503394-2b951"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 bl21:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14484-7721

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single

163.171.131.129

200 OK

4.3 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (9269)
Size
4.3 kB (4286 bytes)
Hash
bc64ee8d24d75ece34e728a85b45b5d2
a7b0dd51fc636d3050b8b3710de9f902bf864c4c
6d014492c3a092a1a1832ee1b97e90f024d7806d49435a22beb5d77b9f6fd302

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4286
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 04 Dec 2022 17:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AyWJJN6EAQAA1ozgUAv4R56FFcC_LuKbsQqtiWv6aWGm0wlCPcqi1B5OMN-QAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|d3e86efdf1300a23371a776447606a81f7436733; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=gnvAsXtjOeNek1pGLdQw2CixN6JG%2fhmwIx4XwO1ad4v97VOIonkK3M9bYZVyQ3lJ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14454-47875

push.services.mozilla.com/

52.89.136.7

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.136.7:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zYZU/YfzZ90qs68xWujHMg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RB2iMB3akllSHWdLNV9dJH5gTGk=

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

200 OK

75 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
data
Size
75 kB (74731 bytes)
Hash
3f4f3e9315bd945fe0f900f9743a8a45
2b7b36c12168e07dea9f1d61088a8f074f56550e
5d0b60cfe321510c4cd896ede7407c74e3b7eafcd24683d2b042a7c424074d6c

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/javascript
Content-Length: 74731
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 15:58:54 GMT
ETag: "37a4b009e7ae076e7f3325379f971e6bf5df836d1f31841d88898cd782d66a2a"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yucknIaC%2f0zWYn2qMda1EQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=2DE3522AF630AD72774C3137B31B0249~-1~YAAQMa7dWN4gf3WEAQAAkokk3gn8jW0tSV8CuHbXkzRH37tk4OPfu607X0zHT8F6Mqt07gD8blMy949HljIe1i0NCaVwWPKOvn9Vv7SsDJf94Hr8NU3KcoiT4u7DBxjVCeyWp11IHUJBjHRGnpWEHBTuBG2XbATOPVwbMI5V5FcUfBDACao1oUeqG6BaNadk+i+zGYwHnO/gv1fqB5NELk/cFQ6F0QoGxLq7aKK7fdIgBAu/7h5HpRXdfqHQH8YIEypiEX/CR7wF8aRL30FKOE7uFh3DAeUdD5os5LoFWP/pfu9zp0qC0v6bBqYwlIOuY9IoZotOORurwRHxo/CfajT/LGNcC6EY5bjoYU/dk8fUmIVAt7FsFrmDQKJsOf7QrA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:27 GMT; Max-Age=31536000; Secure
bm_sz=A7E10DC1ACF5AB54BCA4C8D40AB6BDD3~YAAQMa7dWN8gf3WEAQAAkokk3hK+PO47cJ2bwsyZ/fMXJX+IOF5zduIlYammV6Yp3l34N8IVKmU5W2CJI+z+JzvfK/GlnQOocXF6Kb8PT99YvfevuI7KCw3mjD0Z59WGtgM09P3TxyfJvX5puB/d/44edCnhJn34VNK7l0MYK71zO/Y97nQ4A2rwFh+Ut9iu9WnzLGQlG36+NJ5fqyhoZqtllScZGHNP3n+z3MEdZ1JYQzhR1HHPqiYyjHesqVQS3PqdpRz/H8sNpxDBLGDX8xTtO23NPa5DIr7paG8Ty0cX6ASvWQPc~3291440~4599877; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:27 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14328-47745

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css

163.171.131.129

200 OK

24 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23639 bytes)
Hash
ab14fc94e9e3eda1147b33096ce78036
d2dc912ef40215c52466a63f55b3fcb274b1a3b9
fbdda4705c51998c24e57f486500422fdf801052b612b7d43272a0895e245207

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: text/css
Content-Length: 23639
Connection: keep-alive
Expires: Sun, 04 Dec 2022 17:47:27 GMT
Last-Modified: Wed, 19 Oct 2022 17:27:48 GMT
ETag: W/"63503394-29ee7"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 bl21:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14521-26199

www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png

104.110.27.78

200 OK

49 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Size
49 kB (48569 bytes)
Hash
4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39

HTTP Headers

GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=7988541
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2129391
expires: Thu, 29 Dec 2022 08:47:18 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2

104.110.27.78

200 OK

23 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2039250
expires: Wed, 28 Dec 2022 07:44:57 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Size
22 kB (22172 bytes)
Hash
f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704

HTTP Headers

GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2106185
expires: Thu, 29 Dec 2022 02:20:32 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Size
22 kB (21636 bytes)
Hash
1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc

HTTP Headers

GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=2038970
expires: Wed, 28 Dec 2022 07:40:17 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/hp/utag.js

23.36.79.27

200 OK

55 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/hp/utag.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (15536), with CRLF line terminators
Size
55 kB (54746 bytes)
Hash
a2ab4b46ad30f60866211f2fe5de68a3
125c39f1a776161eb319a742ae7ce621f4c38933
11f666b297e903717f7f8fb577dca1beb1db6bff324a2a99b4dc0c639f883452

HTTP Headers

GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:06:35 GMT
Vary: Accept-Encoding
ETag: W/"632cc04b-32229"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54746
Date: Sun, 04 Dec 2022 17:17:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YT+ikEFAwxqvi3uBp1GdNg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2105
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=nX4cPbZC4uf6SmUtAYDj3A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=nX4cPbZC4uf6SmUtAYDj3A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=906F93E1771833C5F21F4ABC88E91823~-1~YAAQMa7dWAYhf3WEAQAA4ook3gmajOK6MewT9NK+UWjnam3iPHyObE8kZXGGODe6F/PF4jw6EnMGo60X+4vB7Wv/aNr6UsiluDzBQVQ4zvshYN0pxLGtvZJGs/2lac03ge2blJC6H6XX+t7IOgtf27k/A3JpAXg11QTkOEKI6OEXFRwFhZA4/4rthxThhTZo1oa8lmGVnZrqLmazRVmsj08QvcMEQSjBQsvCQUE2vYs9WLzSLEbq5RCCo42JxlFVhGEXWZC4Uj8lk5g7wtCkVeOY57V06ZfVDxucgVyjIKF8K1g98W0Pg5prHE8hyKl7b7/P3nPnb09t5G/kPN4r4yYGuolTChhPMviYO8FGgS1S0YWgXWl8Z6Qjb8FswTKgiw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:27 GMT; Max-Age=31536000; Secure
bm_sz=13E0967240B6C3C8FEAFAAB96DF25B49~YAAQMa7dWAchf3WEAQAA4ook3hK3GXs+gyCKkzurCQ4/GqMzoA6uxa/HopYdPBiGMDDOAn4X3zwu/vZ1qXImzME6c4GvjMs2j9+Cq4Et8pWroV1iV0OApNPMexyz8sBUm785xPCtaaYmloQMu8PmBwmLNRA4uvj+sCllfhdBf+hmVbq/reYy8z0CYFjQWIqx/yAwgAQ/fP1HSTZ6/DA3KvAuntz34bxbRy9iHo83VQJfjZf3lCtRasGj6ZMCdGeKgQ942y3ZBSURZwDCgDLHKHOhRpIboD3YeKlew0ox+Q1v7Nr+ZYRb~3291440~4599877; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:27 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14328-47785

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q

163.171.131.129

200 OK

149 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
149 kB (149203 bytes)
Hash
dff279b6e58ecfbafbdc462de9c6d53f
1ed798ed97981ce3292a025bd834c8f2f8e2b4af
afa1bfd0fa4c01a767484c1c2d2178c2a1372ce7574a8b53a92005c34f77ceb1

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

GET /auth/login/static/js/general_alt.js?async&seed=AICOFN6EAQAAxI3ksSFgO61iMb-_K2lwXK8IeYWjWZmZHLRJVAXdDEhhp3kN&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 04 Dec 2022 17:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A_uJJN6EAQAALCg2RV5ph8ren3KffPxXwgjttSehqwhGEzUSZ56ZQRX2Qm_gAaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|dc9c0a48383b113c65a75f8a6d89c6079e25e551; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=ldDG0OKExah8HtJ3FZt1Ar5WeBH7bKwakcWdWvpPEuPe0PgOEfqu59KTJEmFbspO; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14484-7733

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/target/offers/conversations

163.171.131.129

200 OK

2.0 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/target/offers/conversations
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (10185), with no line terminators
Size
2.0 kB (2019 bytes)
Hash
dcc450836da86254984289722bf00dbd
bc35fab047953858b91e6da5323dd9d135d1e523
bdefcb32f87969735199c569e1c52937b3854c3d7085c96f837726262acf431e

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2019
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-9f30bebe-9595-4364-849e-b88e1e3a2804' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/reporting/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:65; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53; Expires=Sun, 04-Dec-2022 17:17:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sun, 04-Dec-2022 17:17:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:204; Expires=Sun, 04-Dec-2022 17:17:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202212040917272069668883; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:17:27 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=8123B550665721F18870D8E43265DFDD; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=0pj2PbanMhdOJSPcihwYX%2fgcLo7Vkwl+m0FmVTys9FW0edR7uzm5CsgnxsmtBO%2fq; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:27 GMT;Httponly; Secure
_abck=5D633C5AD9051877D0C15B5E04FD6EA5~-1~YAAQIK7dWL+RHdiEAQAAU4sk3glnHxClOixrMle9tLTAA9sZnXj0Gd6ENjtFiXYhrlCTOaDsHwah6MxLtS+K3KYsWZVE8PlEoxENUrgNpuIDh6htWk/B6Au91YVmvrRPEcsFWMUyjZdC0UsRtXMRBwlDCuUxXhaOEAB2perG6sT53E4mYyphwpDEy5VnFbnLto/2NStIp2yF8wVwf7/07yz3SFH4ztupN5PkNhrn9OmXzLT7STrBz1aBR84GJalnoAQDTKKoTMphyIgeSCf0xJUDDD6g/Skp9tMAk/bwgiGNvEGYdGJaDFBCBl0MuukCldiVtIK64rWoOJ0i8ENAu7cjYgvTIZRTBNkzRpmj170gt7ziFXtDLssgPQidx/fr+g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:27 GMT; Max-Age=31536000; Secure
bm_sz=25ADE0A019912FCB780C42419214CAE2~YAAQIK7dWMCRHdiEAQAAU4sk3hKMmSqAJAu50U5QDBJI5XKMbDLLxRDalVBa2oGAi7dIOvYsxIeyk15trAQkJpduNBmatZurU1aChZsB+fJdPGK05GCuE0zKMNWVlmGUs4CVyJ/ZNyLOKjWtn9lc1H787IaLMbt2RXLsDT/9gvnsl0QwN14AdjNUs/l3bQqQgt8cq2137/dDKWaV28NdTx9Dv7xgIyC+yL3blRImcF2ing/heE/uadhFJvDKkKDRLzRXBVqsBE8yNz3bj2+erqNKj3+q0g9+Zp3K9SQAr/uW00Po6xgx~3291440~4599877; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:27 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14454-47890

www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png

104.110.27.78

200 OK

1.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.6 kB (1636 bytes)
Hash
b9d2c719de3d6701349f1134e129defe
703a51a2f72672f6b34a3dcf8d07c351143f9151
95ae72a8f3b1f5794802b2704b74bef2f29fe1b8da1f06c97a8e7ab2acb5e435

HTTP Headers

GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1636
content-type: image/webp
cache-control: private, no-transform, max-age=1688239
expires: Sat, 24 Dec 2022 06:14:46 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico

104.110.27.78

200 OK

9.2 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
9.2 kB (9198 bytes)
Hash
cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

HTTP Headers

GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=21969
expires: Sun, 04 Dec 2022 23:23:36 GMT
date: Sun, 04 Dec 2022 17:17:27 GMT
X-Firefox-Spdy: h2

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js

163.171.131.129

200 OK

306 kB

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
ASCII text, with very long lines (65356)
Size
306 kB (305866 bytes)
Hash
0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:2$_ss:0$_st:1670176005354$ses_id:1670174204135%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; ADRUM_BTa=R:0|g:a14d489a-b985-486e-8888-9ba06e3e014f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:65; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 04 Dec 2022 17:17:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=MMb%2fgnwMpDBtMJq7lGSaGb72Z9TI+sbjhFczoB25ShIPu6NnTDa5o8stArpYq2XR; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd627_bl21_14229-36862

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2525
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670176045276$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 17:17:28 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4RjEWMbeqO2m46ykkmapVA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=4RjEWMbeqO2m46ykkmapVA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=86609D75BC2ECF9A4513D8140CC3B7D5~-1~YAAQMa7dWEUhf3WEAQAAQY0k3gkDvi9gta8FyLTMoyIbT0fkvVrAWkErHBYsEGVkTa58qyS2uQ12M41z9VLUDEKaxuA9mvCu+V9rZCj7pjWBrGRiYDBdZ4peFgXi6YgF1swCmm3gswgPVp6cy838B7mYbFMpq2H9z2ZGu2FhEnCECnWT/Be06nCGjFMgZpb5OiqLJ/BohQXg+4j8/7b2INBTHoN8lsZ6vs1qskC/fg5rp4W8orBcnxA0lOlWHRftapXre127agPUbPkUX2FgtiqJuRKuyGzQ115mpq0cUYC49C4m5PlXtKPi0thV5l3c8MmjswKF4HXXteec5etyMR7ZOD0xqfHl1HEA+VSotJuPkOCOPV1jtHdl7MzRinPjzw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:28 GMT; Max-Age=31536000; Secure
bm_sz=A54B92A8CCFBA379B86C2A3CEC065D4F~YAAQMa7dWEYhf3WEAQAAQY0k3hLeLXVeWl/3HDULqymIM952Zcf/XDOd1VMZeiSZczAezX2UDhPUONtbBjgsU/2j9W6hOd7tTn6y0FFzB5RWpIOoWOByMibc3vW9KL4vRJ86qP0wmR4WVY04lYVw4xGJIHLHfuWBHCzoRjyarQuv7i6svww38+0PPD+4OD9a0MrJ3v1OudpYaIvaTFoku3ouDUnhjMKYdxwFs/8hj1Ro5+AP+4Ecxkz4dx0B4g1BW3qjh+WEps2Bp21sZLiR5ffZauMLjAWQd5dwCjDjf0q5ne/7es92~4536642~4408114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:28 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd628_bl21_14229-36938

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg

104.110.27.78

200 OK

24 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (23618 bytes)
Hash
51ee4423bd7473f82847570bb6f10f88
5665cca6ad63f3cf35b07de9f3534c8e94cfe698
79117776265cb8f5638233611d20d12eb5af668b2b7a0228eaa6d15d190e6890

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6350582a-e73f"
last-modified: Tue, 01 Nov 2022 15:13:52 GMT
server: Akamai Image Manager
content-length: 23618
content-type: image/webp
cache-control: private, no-transform, max-age=2066144
expires: Wed, 28 Dec 2022 15:13:12 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg

104.110.27.78

200 OK

22 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22174 bytes)
Hash
338cfc728ba1dbb6840c74558c5b9d9e
16d3653d467c5e8f80600b924a91fc19d3bf416f
dcc2606ff287abd984b9e619a55adb02716c387721e5482b604503b0602e3cd0

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "635162e0-ce5a"
last-modified: Mon, 31 Oct 2022 17:02:20 GMT
server: Akamai Image Manager
x-serial: 60
x-check-cacheable: YES
content-length: 22174
content-type: image/webp
cache-control: private, no-transform, max-age=1986285
expires: Tue, 27 Dec 2022 17:02:13 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png

104.110.27.78

200 OK

1.6 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.6 kB (1570 bytes)
Hash
9bab6d4f56255c3eb509223b9e20a4e4
9dab7ff41b34eb5a3ac57e0b09e6215b549b7136
e68a77a05fe5ce16c4f6aa3590d99909ddb57e180a0741736debbe26fd98233b

HTTP Headers

GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "633eedca-e69"
last-modified: Tue, 25 Oct 2022 20:39:05 GMT
server: Akamai Image Manager
content-length: 1570
content-type: image/webp
cache-control: private, no-transform, max-age=1480993
expires: Wed, 21 Dec 2022 20:40:41 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg

104.110.27.78

200 OK

55 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
55 kB (55048 bytes)
Hash
f9ab0764029883a1b5fedf81e7a450a1
b1f3593d1bf562f06bff4d9175d7ce10aa294f4f
4d2bd105b932b41bcf770bccfa190341867c5680f95df56ebaf24f6e8d8aefcb

HTTP Headers

GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "63505818-def7"
last-modified: Tue, 25 Oct 2022 21:17:29 GMT
server: Akamai Image Manager
x-serial: 1018
x-check-cacheable: YES
content-length: 55048
content-type: image/webp
cache-control: private, no-transform, max-age=1483110
expires: Wed, 21 Dec 2022 21:15:58 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg

104.110.27.78

200 OK

25 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24782 bytes)
Hash
f8f8b797f394dae4b55a85b9f55eea80
d96aada64a87f18da3fbe13e2b9c057a37192ebb
c625c5f31f79968509bb3eb016f3b20a99e44496fb0f691b8ba3bb960e9caef7

HTTP Headers

GET /assets/images/contextual/responsive/lpromo/active_cash_refresh_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "62d96afb-178fc"
last-modified: Mon, 25 Jul 2022 22:14:15 GMT
server: Akamai Image Manager
x-serial: 1184
x-check-cacheable: YES
content-length: 24782
content-type: image/webp
cache-control: private, no-transform, max-age=392401
expires: Fri, 09 Dec 2022 06:17:29 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2330 bytes)
Hash
cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8

HTTP Headers

GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1806833
expires: Sun, 25 Dec 2022 15:11:21 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2340 bytes)
Hash
2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0

HTTP Headers

GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1657763
expires: Fri, 23 Dec 2022 21:46:51 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png

104.110.27.78

200 OK

2.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.1 kB (2092 bytes)
Hash
bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64

HTTP Headers

GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1838243
expires: Sun, 25 Dec 2022 23:54:51 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8830
Expires: Sun, 04 Dec 2022 19:44:38 GMT
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8830
Expires: Sun, 04 Dec 2022 19:44:38 GMT
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8830
Expires: Sun, 04 Dec 2022 19:44:38 GMT
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8830
Expires: Sun, 04 Dec 2022 19:44:38 GMT
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8989 bytes)
Hash
a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 70047
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 40928
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 70489
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 70066
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 70407
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 70222
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png

104.110.27.78

200 OK

852 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
852 B (852 bytes)
Hash
83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b

HTTP Headers

GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1577306
expires: Thu, 22 Dec 2022 23:25:54 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg

104.110.27.78

200 OK

1.1 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
1.1 kB (1118 bytes)
Hash
8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb

HTTP Headers

GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1906801
expires: Mon, 26 Dec 2022 18:57:29 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png

104.110.27.78

200 OK

712 B

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
712 B (712 bytes)
Hash
856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72

HTTP Headers

GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1729438
expires: Sat, 24 Dec 2022 17:41:26 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png

104.110.27.78

200 OK

2.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/h.com_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
2.3 kB (2286 bytes)
Hash
54a0dd5862244507f56e176ecde59056
2d8f7d7e00316c6811ce2552e608260481303898
749d47078866f2ebe0c2b692de339996ede393b570c7f73418ac0ed9a6882539

HTTP Headers

GET /assets/images/rwd/h.com_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-23fc"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2286
content-type: image/webp
cache-control: private, no-transform, max-age=1511447
expires: Thu, 22 Dec 2022 05:08:15 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png

104.110.27.78

200 OK

1.3 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.3 kB (1348 bytes)
Hash
20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05

HTTP Headers

GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1673971
expires: Sat, 24 Dec 2022 02:16:59 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png

104.110.27.78

200 OK

9.7 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image\012- data
Size
9.7 kB (9652 bytes)
Hash
8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135

HTTP Headers

GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=260196
expires: Wed, 07 Dec 2022 17:34:04 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg

104.110.27.78

200 OK

29 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29240 bytes)
Hash
1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5

HTTP Headers

GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1686120
expires: Sat, 24 Dec 2022 05:39:28 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg

104.110.27.78

200 OK

32 kB

URL HTTP/2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
104.110.27.78:0
ASN
#16625 AKAMAI-AS

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31450 bytes)
Hash
7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1

HTTP Headers

GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1845905
expires: Mon, 26 Dec 2022 02:02:33 GMT
date: Sun, 04 Dec 2022 17:17:28 GMT
X-Firefox-Spdy: h2

static.wellsfargo.com/tracking/gb/detector-dom.min.js

23.36.79.27

200 OK

132 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65434)
Size
132 kB (131829 bytes)
Hash
73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7

HTTP Headers

GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=U6MH77cpuTLu3R7kaCgD1Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1

23.36.79.27

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zs%2fQpZcqHnYH9b2nlHWGfg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js

95.101.10.194

200 OK

572 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
C source, ASCII text
Size
572 B (572 bytes)
Hash
dfd7990c3700ca8f3a291a2eb2313953
d091406238db6b36e54dfb8f5ad1892cec39d492
d45ab106a5ce4166f107e444928e6971b4978d14139704e042d2d19949c2c836

HTTP Headers

GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: W/"6372958c-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 572
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=eAA7q1EVrocjl9dj1b3YRlPJaORci2l1h5%2fkTSJQIEzRhFgaBp1A3yatfJ%2fmlrhy; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

95.101.10.194

200 OK

151 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
151 kB (151131 bytes)
Hash
23d06201fca7a7ee5b7e016b9f335705
b78454849701d57bc01cb31afcb989168156ed9e
fa5e22a4d436a14e4b78fab57fe0bfd61dd0b53054b84ad23d9ef9ea7fe40d53

HTTP Headers

GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6369c7b5-172f"
Last-Modified: Tue, 08 Nov 2022 03:06:29 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:17:28 GMT
Content-Length: 151131
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A1COJN6EAQAA1p1_8I-W_k1iMdgfSM9immhuP0D1rk3LYMXjfVKHTeLAjoNGAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|7095341de6b4198a24cac08a1498bbebef751909; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=EGC6eUhwRCxDyBAG0kG0g9vG1DV3T7fI5mf+MoI7sSGO0vCLyWBndRj27BjHHTHy; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js

23.36.79.27

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (32088), with CRLF line terminators
Size
14 kB (14304 bytes)
Hash
3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=oYcreBm5K3HqojcPr9YmIA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2441
Cache-Control: max-age=135009
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:28 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:47:37 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2510
Cache-Control: max-age=135078
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:28 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:48:46 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a97c490a5f57669e4779f159c4dc7c2e
a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc
440bae73a0f989f36ec69b72d2cd21fab3637efc498af4a5e77d74a55ea7fca7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 01:42:53 GMT
Expires: Sun, 11 Dec 2022 01:42:52 GMT
Etag: "a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc"
Cache-Control: max-age=548123,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7746321e6ee9fabc-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2441
Cache-Control: max-age=135009
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:28 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:47:37 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.a10feec95c706c7622ce.chunk.css

95.101.10.194

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.a10feec95c706c7622ce.chunk.css
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37175 bytes)
Hash
6b223f2a2042495f2ae0e100fbee5e56
0e8039397d7e1261e8be70a3cc176f2e69a055c3
ff5708f9e1596bd5699f3581ebb6df1f4e1d1dd17cfed38024cd34ec7a74c3f4

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/wfui.a10feec95c706c7622ce.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37175
Last-Modified: Tue, 01 Nov 2022 17:24:00 GMT
Vary: Accept-Encoding
ETag: "63615630-9137"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wXtuwc1dlOAc28oM1yvYCQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.474b8abaa4011f6d1861.chunk.css

95.101.10.194

200 OK

23 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.474b8abaa4011f6d1861.chunk.css
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (22810 bytes)
Hash
e925513b14cc5287268d791e5186f2db
63ed2725c5f2c9d312763395b82aecd496536cc4
a2b6ba21b3d0e3291226ddb9a63af8a29ea45d997f1e33b9f1ed459c86e1eb40

HTTP Headers

GET /accounts/static/7M/accounts/public/stylesheets/main.474b8abaa4011f6d1861.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 22810
Last-Modified: Tue, 01 Nov 2022 17:24:00 GMT
Vary: Accept-Encoding
ETag: "63615630-591a"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:17:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=In2RsAIKWxW2%2fIWPdcV9WQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=73297843820505482512322520975958523310&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670174246199

34.247.240.197

200 OK

321 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=73297843820505482512322520975958523310&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670174246199
IP
34.247.240.197:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
321 B (321 bytes)
Hash
db9d849cb5f3e9ff52d8f1c0a912e052
52e07b47709370b0846310979621a300e7db3d4e
b03119671a744723f27785e7a0d2018959526ed64bff38bba1ec9e8c00036a79

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=73297843820505482512322520975958523310&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&ts=1670174246199 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-040129606.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=82605594417242606911425120929748408005; Max-Age=15552000; Expires=Fri, 02 Jun 2023 17:17:28 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: VYWFM5dEQ6I=
Content-Length: 321
Connection: keep-alive

dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=73297843820505482512322520975958523310&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202212040917261543587553%011&ts=1670174246205

34.247.240.197

200 OK

319 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=73297843820505482512322520975958523310&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202212040917261543587553%011&ts=1670174246205
IP
34.247.240.197:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Size
319 B (319 bytes)
Hash
73c0133ffed9429f4440c83768af40c0
708a0714a8b601ce137289765af349efca566052
c2ce17d44cdb10e8be96ec5fb57308331fb8e18342639eac5e6e3040878b7f5d

HTTP Headers

GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=73297843820505482512322520975958523310&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202212040917261543587553%011&ts=1670174246205 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=36599090172392446753768280404064235269; Max-Age=15552000; Expires=Fri, 02 Jun 2023 17:17:28 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: fQ28Thu/Q28=
Content-Length: 319
Connection: keep-alive

wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670174246210

34.247.44.49

200 OK

324 B

URL HTTP/1.1
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1670174246210
IP
34.247.44.49:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (605), with no line terminators
Size
324 B (324 bytes)
Hash
0fd1cd359910b5acdf71236f4c4a1e4b
756fd1a47904a07edb00faccf070ad2c0f934b8a
21a9c52a93659799c9575efe42460d38c02f2f660e779720532e54e3bad9bfa1

HTTP Headers

POST /event?d_dil_ver=9.5&_ts=1670174246210 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 428
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0826e4ce6.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=73289507816251228242321123394552383421; Max-Age=15552000; Expires=Fri, 02 Jun 2023 17:17:28 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: UTQu654LSys=
Content-Length: 324
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
a97c490a5f57669e4779f159c4dc7c2e
a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc
440bae73a0f989f36ec69b72d2cd21fab3637efc498af4a5e77d74a55ea7fca7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 04 Dec 2022 01:42:53 GMT
Expires: Sun, 11 Dec 2022 01:42:52 GMT
Etag: "a8cb07e3ef5ff4963a1e303a9770ff752cc62ecc"
Cache-Control: max-age=548123,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7746321f0f61fabc-OSL

static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1

23.36.79.27

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sjaUsA%2fw30tvJH3Yp4kxXg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153

23.36.79.27

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=FnPSFplFukdnYvdtYwyFmg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569

23.36.79.27

200 OK

45 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65508)
Size
45 kB (45086 bytes)
Hash
f0bce3a74e635ab88b299b1f625c99a4
345faf01029820b11abc73022ece8fb8e51cc321
faebd8dced2c15d37da85427c6e60aecb6a1a5f75e888280d447e93e64102c8e

HTTP Headers

GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-1ca73"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45086
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XybNOH2iWJ6k+7lzwtnK5w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B

163.171.131.129

201 Created

18 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /f0x6Zm/Dazhy/ddkQr/3Kcz/1cw3kGLr/cGcuVDAD/FGwuOR/UCIT0B HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Content-Type: text/plain;charset=UTF-8
Content-Length: 2586
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670176045276$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 201 Created
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=37EO5W+f6Msuk+C1cnVA8w%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=37EO5W+f6Msuk+C1cnVA8w%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=9B1DC2038A7C6478156F87D438F31F5F~-1~YAAQMa7dWJMhf3WEAQAAW5Ak3gl0sQe40SeNt6voPHtg+PWKok8eS4fyMTzQ+Ek0JeF88NnUcT/pfOpJNr6FcYcVknkV1gGWpAplz3T0AAk5kd998pMaiuLN39T22uHtkMX3R+t83wkr2NVk6ZZnKd6jyAwUilA7pDiKL5HQ85OLy2AppY8zRkqiN5pEOicslIZhCeTMUsAIkdVGaLw8O8wtW7562L4ozZyKTxxfgEQvaACRKnhasvb8hiti5MUc+hGJ4fJo01H8uBPFAu4wY/UZlJY3KjfuH5Tl67qP7y8my0PRdwGydlth8lL9jRtH8ZDw/kA5i5xfNqMjH2SO/cCm/M3FKx1XaVmwsftjRq0g2elgMTsSBur/c4F+dMFXbw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:29 GMT; Max-Age=31536000; Secure
bm_sz=D47860646946316889F58F745D763541~YAAQMa7dWJQhf3WEAQAAW5Ak3hITKIBtECepcKApf1TI1r4saPiaHDrXENg9w56zJMVLWXqbxhKwOwh09GKlGpjJVELstaMN5qi3AUKNcllwYOODNA5XsNb8omxmX1JdBY/+viUAmVruksxymcgmPe41r04zRm6AiMIRBj42+ZDdwTIcSr/re9LIHai5M85LIa3igWADjsnx6mcy7UcEyTUzRbloV0PUfDk75JUVJxVt6DSbJmYq+0il8Q4NWaBUvCO8EP6RfvrqDUNl7QIaq7SKotvmD8khGZFoQlKrnV1Eq9w7Pw3U~3289400~4342320; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:29 GMT; Max-Age=14400
X-Via: 1.1 bl21:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14484-7875

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA

163.171.131.129

200 OK

175 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
a89a41ade31f0e1011f9f8cc35a54111
010c319c3472514c828fb2b21214b5a000bc8c91
3510420d1462aa77925c93e8f00c8f30aa53dd2b9107e02f48d24349a53be475

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------71021873737826095101572073620
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Content-Length: 169
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:3$_ss:0$_st:1670176045276$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22Rht2Wa5T3CrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22TG44WVZBNFR3Y2g4Z2NCZw%3D%3DS37xy8mQKpptsdfmBV7G27a1VmH6Z-_ZcDjouqkUwYuFdLpRcYjPdW-QxIt9dZnI9hSgNTxxRjsBr-wLTBhD7hYqKUdPmRo29w4%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779005%7C6%7CMCAAMB-1670779005%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C875814470%7CMCOPTOUT-1670181405s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vOtMfZUogh+TbGEMbpPvCii43B4rq3BhhTkM30CfsEg3ywSpyFxlpd6GZ8rnnL+c; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
_abck=185EB0551AB282EA41191CF8794ED0B1~-1~YAAQMa7dWJwhf3WEAQAAjZAk3gmvS+JfY7rVpMB+4hpK8GOzdIIBfWJFfQcGaIRXixW10KlPwwjp5V+uTbB/CBd/i2f/fLP8iDf+0oas7Alx1CyfMu77uAQN/GpfglauvHMVd+J8CsJrkwiw4hXyUPuJJrhfbBqv6AMDEt4s31DS1sHhfnnzwANZGv4P9cuyt19TIMPWrlmh76uZvDRGVKM9fiLRXkUvUE6uU0OMLkxu9n+QehnaeNrJpFnF7X6JIz+yZRUWaPzX8j7DFV9+M7pz2ni/JLKHPffQeiaAAkjx0q1Np/+BAqLc0Vn6zN6g+wNXabQd/2SzK+WjFW9IVt+4j/oVfa0KEONA6F3EzXNPZONiO+3xtH7pIcgFfPUvHg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:29 GMT; Max-Age=31536000; Secure
bm_sz=DB22A5917851A55219203FB29209A4B5~YAAQMa7dWJ0hf3WEAQAAjZAk3hL4HQB/T2TUwbqd2S/ZqodPF5U2ysjJCExkzHmEZWXhutGb5VYi0LH1U09cf0BnaJxKWx0w0q8O7R1mdcA6OvNXAUMirLArJFZ2EL0NNtnJ7nN5rInIkaIs0LaRbnX4n3JsmEznshCNfwIEZdYIxYHPa8U/5tmGLSSqD/aEG42y3Ub7Q2NGfgByFaQhMIe1xtrSfwmS1FXJBnqMjd3rqyhO4i7G0STxMqpMhXNBdiJDHJ4iZ3sSdDyLII2TsF/0CDp2QUXVxiCarwXMWrLp3602TY6n~4536642~4408114; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:28 GMT; Max-Age=14399
X-Via: 1.1 bl21:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd628_bl21_14229-36989

connect.secure.wellsfargo.com/auth/static/prefs/atadun.js

95.101.10.194

200 OK

607 B

URL HTTP/1.1
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with CRLF line terminators
Size
607 B (607 bytes)
Hash
00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9

HTTP Headers

GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 08 Nov 2022 03:06:30 GMT
Vary: Accept-Encoding
ETag: W/"6369c7b6-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=dCvwlsAWmcGMBMO8f1qoFkYaT8PsT%2fwEHck1owcQxZHX50Tld8gv80LMRWGsUsqC; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145%3A1&_cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c&pv=2&f_cls_s=true

95.101.10.104

200 OK

76 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145%3A1&_cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c&pv=2&f_cls_s=true
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
1e6ff123a2518590a15bd2e8eca81433
b61154d693b7bc9cd25c4e2ca7f12b7578e76772
847f3c23740ad57226e41345b1ef3d6946d5da1012fec31a8b39db6eb1234764

HTTP Headers

GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145%3A1&_cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; Secure; SameSite=None;HttpOnly;Secure
_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!35Aa34kgBX6fUPXjbMKMZ0gdoDa2eUh2RgP4CYXQwaPMCzx2RX1OARvBd7viGuGtSSI36MyH2Y7mDj4=; path=/; Httponly; Secure
DCID=cnUrHokcfhHzqMN+Ra7t6f5q7oxKJZbiIChiTLn%2fRr8%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.22b3d392defe6fff2c92.chunk.js

95.101.10.194

200 OK

297 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.22b3d392defe6fff2c92.chunk.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
297 kB (297443 bytes)
Hash
721cff287fd86c4c7c557bd036a7950b
af2dfde9106c4c81ea7bb54523a5211a2ab0e823
91bc939ad2b4e4994ee47ac091dc0f2cd66a247616431a994a2ed4569f894b81

HTTP Headers

GET /accounts/static/7M/accounts/public/js/main.22b3d392defe6fff2c92.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 297443
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: "6372958c-489e3"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Pl%2f0NtkZTSqIGIfAjLSbZ+JbpUhRifTGJ0HdloQ2K4CPFSMfH72iOG4X5OYQpxCt; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/ga/ga.js

23.36.79.27

200 OK

20 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (49163)
Size
20 kB (19477 bytes)
Hash
d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b

HTTP Headers

GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=WsISyXJFws4mnQydwCPzag%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/tracking/ga/ga_conversion_async.js

23.36.79.27

200 OK

14 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (35846)
Size
14 kB (13593 bytes)
Hash
42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f

HTTP Headers

GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1e0aTI+BONBlL5cfhG44Ng%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js

23.36.79.27

200 OK

16 kB

URL HTTP/1.1
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (599)
Size
16 kB (15970 bytes)
Hash
18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b

HTTP Headers

GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=McSe%2fL1HkX7wr%2fYi6G2I7w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
68570b7de13c7dfdf686da25ce10d668
61c1304152f11e6a83c383fff8d5e498c4385e6f
537302c07522f4bf1e766fbb1a8da346f59526715a5fcecd3f6aa4817b6b32ed

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.2b02911676d4125b4453.chunk.js

95.101.10.194

200 OK

365 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.2b02911676d4125b4453.chunk.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (65439)
Size
365 kB (364972 bytes)
Hash
db2d951851111099d0b1d41a96e96e7d
21c16602937154772e851a518480db96b3ea3de0
b15fc7e3a585705c0171abf000b5df1846b2cbed0f5871d3a4dda39d6dee9508

HTTP Headers

GET /accounts/static/7M/accounts/public/js/vendor.2b02911676d4125b4453.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 364972
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: "6372958c-591ac"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ST+vzkVtQCGj%2fEkm2iGIH8+tOms1pyMwEBqd6vLpeYcfE6K4QHkBoH+yA7OdReTi; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ddb75db50c854f27d611cadc8e6b000d
551a1af8c8015ab2d3baf689507c0e7a841bace0
13a0380063c5aef81673be073e9a452f8ae3e955201193e16cffb95561823e2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3627
Cache-Control: max-age=86863
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:29 GMT
Etag: "638b784d-1d7"
Expires: Mon, 05 Dec 2022 17:25:12 GMT
Last-Modified: Sat, 03 Dec 2022 16:24:45 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ddb75db50c854f27d611cadc8e6b000d
551a1af8c8015ab2d3baf689507c0e7a841bace0
13a0380063c5aef81673be073e9a452f8ae3e955201193e16cffb95561823e2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3369
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:29 GMT
Last-Modified: Sun, 04 Dec 2022 16:21:20 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

connect.secure.wellsfargo.com/PIDO/pic.js?r=0.23494665049642516

95.101.10.194

200 OK

42 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.23494665049642516
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42455 bytes)
Hash
124fd3018807a95520a9d0084307adca
8f2e788c89bad5528a3c042e4a21a3f3ef8a0f80
7b62b47c4b6d9ec288636d38ce23a1ba014ddeb41778ef965d52019a09102832

HTTP Headers

GET /PIDO/pic.js?r=0.23494665049642516 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 42455
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=WRg47LkWupvAvpEHB+lhnV8wCscA5HIY4SbJ7Du0D2yCft7udkM4YmHe09FGwet9; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1&_cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c&pid=d778cf51-242a-433b-9836-041175f821b6&sn=1&cfg&pv=2&aid=

95.101.10.104

200 OK

969 B

URL HTTP/1.1
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1&_cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c&pid=d778cf51-242a-433b-9836-041175f821b6&sn=1&cfg&pv=2&aid=
IP
95.101.10.104:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4597), with no line terminators
Size
969 B (969 bytes)
Hash
f3f62861b191c56cac5d3ad0d5f43e0f
95de5c861ffe75480dd901b006e741a9c5c17680
112a55e6868ee09689b2963f15f03e7eb471623b9c3f8947912a785a70ae5ff4

HTTP Headers

POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1&_cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c&pid=d778cf51-242a-433b-9836-041175f821b6&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2838
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 969
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=18d2c6f2; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!sEVURoWltk79bNnjbMKMZ0gdoDa2eQqp3OeDpnQWS2Rw2nn+n75eMuOhjT1wBwcMa4Yb8MjwY38+AMQ=; path=/; Httponly; Secure
DCID=Y3bRt19sphMKoF6YopmR3Hqfcv5LxcTERsP+i4IXFF8%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/glu.js

95.101.10.194

200 OK

37 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/glu.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (36972 bytes)
Hash
b8629929e9da177bf639a491405b39f8
dde8015c9c64a3b30ec735a9fe22c4f79cb27025
c34a883cd3ab3ea957c9d6433992e34ab9cfc65a28a1f5ae323b050ad9b22085

HTTP Headers

GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 36972
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=W6dv8+fOGeJlS1eKvgpURSLrNVOiouu9HK5mIpfI6iJFiOYnhzWMUDH5E6fTYZ+m; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5031690185095735

95.101.10.194

200 OK

56 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5031690185095735
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
56 kB (55574 bytes)
Hash
3da872831a49a2113bc3be0bcad6ce1d
9a9c5b145ece8a641fd526abc8590bf8569f3e0d
51d6a13640ae27f864effff6da712990258513559bdc0404a2358f6a1e3e98ec

HTTP Headers

GET /AIDO/mint.js?dt=login&r=0.5031690185095735 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55574
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=oXRCdcZ6kA3pGniXHG8v6lvCaIjCyMadTFHvCNPtv8kMZSfwcMPXf99Pr7cMqUpk; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

static.wellsfargo.com/tracking/ga/ec.js

23.36.79.27

200 OK

1.3 kB

URL HTTP/1.1
static.wellsfargo.com/tracking/ga/ec.js
IP
23.36.79.27:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2771)
Size
1.3 kB (1313 bytes)
Hash
8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de

HTTP Headers

GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=P0w6y7xkcv6UzcU2Ar%2fRcQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247185&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247185&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247185&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=nDwYfyIRnF9wat14HWx6ocDD45ylFqqBD1a0vVA8WGSLHGAgDRHmnZSDiZ7sVWnK; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14229-37064

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247327&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247327&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247327&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BBzoa8wZnECydeTG6aFl8wFCfELJUevfSz+SkNJX09OUucDlfDiqTbYllRzD2D4+; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14521-26467

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247333&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247333&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247333&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=do1ziMSAe%2fa4c9ZcCT9kNX9p6W8wNhEyMyj+q0R5cjojDRW8q6tQCSdY3LXhXpha; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14454-48099

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247319&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247319&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247319&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=SOHH02Qydmjfh%2fzPY93yqCCtbkalRfUjkildlEkbrOeoAFy0WNp7s1C9%2fdmnreXN; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14484-7947

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247324&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247324&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247324&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=V3fg8dXjiuv%2fjPxpAmj7FxrmAekT%2fY0iPw2sgvFLkzmu+C85dkDhM20Tebw5h8rQ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14328-47909

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247337&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_everydaycheckingrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247337&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_everydaycheckingrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247337&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_everydaycheckingrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228529-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=8P2xmx22vZOj6J2Bg7Z4azdNhArzaMc1s3xShCvfs58QgTV9hKZdYeaXILNGv6sS; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14454-48102

connect.secure.wellsfargo.com/jenny/nd

95.101.10.194

200 OK

17 kB

URL HTTP/1.1
connect.secure.wellsfargo.com/jenny/nd
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (2285)
Size
17 kB (17126 bytes)
Hash
61f40782ee07be75f4b0e72c72f51c88
c8e3aecd15e2addcd9e872cf1be55326b94200c1
003d9bbbfa8d30012f0758d01b46103bb2e59790ddc5e9237905aa01f42e8d15

HTTP Headers

GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17126
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:f523b3ce-478a-4bc4-aba6-968a63216977; Expires=Sun, 04-Dec-2022 17:17:59 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:f523b3ce-478a-4bc4-aba6-968a63216977|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:17:59 GMT; Path=/; Secure
SameSite=None; Expires=Sun, 04-Dec-2022 17:17:59 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sun, 04-Dec-2022 17:17:59 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Sun, 04-Dec-2022 17:17:59 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=uX07ejQZwjgZpryH9szggYLtERgW9z9FuzYHgXnerLXceVedI87Z44OhvP7Da6AZ; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
_abck=0155A4616805EEF27B0A1D57CD0D8E86~-1~YAAQvgplX8yXFIyEAQAAA5Qk3glyZsjMRAwiGQpNhqcyIh09QUogfXhxvWckMgpoSz5JwbxwC94UWulJgr6nTvRKP5E8lGT7IHx8Pi+hRuC+bTes8I9PzHPWpLpyD9r463cG5rcAnUZtV2QW7YMLCDTHC1TBETaFkV3lwz7OHdG+IpgwkQJhuS7DiGAHDC4IKO+zWQzpudh6lNOFr7ksdt11jj2BI4vWjGFLp05/u2E8YWQbPlSYowmjKv3sZklC5FWELTj8BEBJ4HQI0R/iRrmwzL6yeADXkxupvtZyPPMu1og8IkoAQ1mmsfAqvzobYMyLOJpihO+/gE7zuSJUS9jMGr7tG3cpCXIpSlOFwl4FohCcP/HKIlAbD9RO9qI9sw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:29 GMT; Max-Age=31536000; Secure
bm_sz=9972CB228E913A0C36C35C208E4EAB42~YAAQvgplX82XFIyEAQAAA5Qk3hI/YZGLeCZG5MRCujS1OtAsMNDWlRLCRx9GIFKCUPRJiWnzkOHhXJhG6T7C+CUFBo4tBnhZ42mYtfWP6QTovqmxf4q3sZYqZixUfznVqvO59gQthN7pCYwrOkDMU3FaqWyfZZ387uoFsRiVU/MIzi1ROSxdeR/MX83U+/o8rf0HO7eaX60QIyn7C80WNp/SjYrIKcodGKEV/62eu7jJ9FQKqo7er8HZW6yTJeOERW/bk8PT4tLdjRlN/sUx5/USkBT4j7DPd8mOBzvlUofYBZWJzyKj~3420486~3551793; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247341&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247341&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247341&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ortDox9IbGfk3KlBqGqvPSh5jIuWRanekFbbfg7qHx4KiBZrjMvrR2v28jS1gYPJ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14229-37077

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247347&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247347&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247347&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=5hMyWoCHS2b3NILPHlaA3JQJ1LKDDC+0X6x95i3AmHWJgQOqi088I5LXlwPnqNPP; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14454-48111

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247351&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247351&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247351&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=duUN+bTL0ItGAm7kltlxj65D2t+jJ0+zsOu9DIFT66HYq6h%2fuz9qimEVZniDb7nY; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14484-7960

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247355&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247355&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247355&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=5oiEfbN6z9boJ0b3lGPYFNW5HhzcOltLEEFGI6oP%2fcNMoSZtdxYTqJ4vKofSncqW; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd629_bl21_14328-47927

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247357&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=3

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247357&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=3
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247357&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=7CeOsgJ%2fbachALSOBNRMbqPMvFSgqGbqONtAFLViy+2sBt+9VSqNj6mSa%2flmLKmi; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14454-48117

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEAyWlA3b3VEd1hUSXJMWi9CSWM4T2xwMlBoNHVxTU9wQ1RKeWJkRTh6cjZjSGdpQVRqWUovbWR0NExYdEQ5d0R2UWFQeVp1R2pUc09UVG9WUDhxbkh2Z1hwSW5pRnhVYzZ6VUw4dW5yTTlJcVlEYzhEdXBVQzhycFA5b3hMZzc5d2tWVmRwOU5kSHJNeVV1QzNPaENleWl1SUN1L0t6SGZ1dHBaRm9iMEdmaUN6cHkyWUdDNEpFaXRDcEE0a25rcFZTRHE4UXdBMG51RG5VR2paQTVwR3pja2VKZkE0RWJITzlWWVJjSWNWa01QNVp2VnQ4Q1JUZ1J6ckRYTE9ONUpQSWFmNnU1RDA0dFJnZGNaM1I3VS9iTTBLZmFBWUM1RE16S2U5dThRPXw1Y2ZmMDFmZGRkNGZlNDNhYWFiMTRkMzJkZDAxZThlMTY2YWM4NGFjNzExZjQwYjllZTI0MjBkNzY1NWExYzEwYjE2NjAzOThkNGI0YTZhMWZlNzFhYTczZDJlNGE0NDUxMTJhNDkwY2I3YjRjODQ2NzI0Y2ZjYzFjZmZjMjE4YmE5YzFkZDI2NWFmOTVmN2MzNGY4OTI4MmEzZTg3ZWJkMDRhZjdjMDNmNGRlMmEwMDM0ZWU3M2NmNDdlYWQxZGZmOWI3Nzk3MGQ4YzkyYmQ5NjM2MmZjNmViYTM0YjhjZWQxMzU3ZjRlNjk4NjY5Mjc1MjNiODc3YWNjZTg4ZDA1YTU4YmFlYTY3MzE4YjlkZTczYjEzODU5YzQ4ZDI3M2MwM2I1MzM2MWY0MDk1MmFhNWY2MmFmNjEzYzRlYTFlNjcwNTUxYzU4ZjUxNWE5YjQ5MTFiOTIwZDBkZjBiMjgwMWQ1YWQ3ZWU5YTgzZDg3ODM0OTVmODhhZjcyYTEyMzljNjRhNmYwOWUxZDFiM2Q4Y2Y1ZTk4YjhkMzA1ZGQzMGIwMTJkMDg0NjkwZjA4OTJmZDRhMTlkYTliMTFhYjlhYjY1ZWJmYWRmYjczNjE4ZDVmNTNmYzE3ZDU2ZjI2MzEzOWIwOThkMDVjODlkMzY2ZTNiZjk1MzM2YmM2NTc2M3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com&t=jsonp&c=yr_xhkpn_oybtbtl&eu=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F

95.101.10.194

200 OK

90 B

URL HTTP/1.1
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEAyWlA3b3VEd1hUSXJMWi9CSWM4T2xwMlBoNHVxTU9wQ1RKeWJkRTh6cjZjSGdpQVRqWUovbWR0NExYdEQ5d0R2UWFQeVp1R2pUc09UVG9WUDhxbkh2Z1hwSW5pRnhVYzZ6VUw4dW5yTTlJcVlEYzhEdXBVQzhycFA5b3hMZzc5d2tWVmRwOU5kSHJNeVV1QzNPaENleWl1SUN1L0t6SGZ1dHBaRm9iMEdmaUN6cHkyWUdDNEpFaXRDcEE0a25rcFZTRHE4UXdBMG51RG5VR2paQTVwR3pja2VKZkE0RWJITzlWWVJjSWNWa01QNVp2VnQ4Q1JUZ1J6ckRYTE9ONUpQSWFmNnU1RDA0dFJnZGNaM1I3VS9iTTBLZmFBWUM1RE16S2U5dThRPXw1Y2ZmMDFmZGRkNGZlNDNhYWFiMTRkMzJkZDAxZThlMTY2YWM4NGFjNzExZjQwYjllZTI0MjBkNzY1NWExYzEwYjE2NjAzOThkNGI0YTZhMWZlNzFhYTczZDJlNGE0NDUxMTJhNDkwY2I3YjRjODQ2NzI0Y2ZjYzFjZmZjMjE4YmE5YzFkZDI2NWFmOTVmN2MzNGY4OTI4MmEzZTg3ZWJkMDRhZjdjMDNmNGRlMmEwMDM0ZWU3M2NmNDdlYWQxZGZmOWI3Nzk3MGQ4YzkyYmQ5NjM2MmZjNmViYTM0YjhjZWQxMzU3ZjRlNjk4NjY5Mjc1MjNiODc3YWNjZTg4ZDA1YTU4YmFlYTY3MzE4YjlkZTczYjEzODU5YzQ4ZDI3M2MwM2I1MzM2MWY0MDk1MmFhNWY2MmFmNjEzYzRlYTFlNjcwNTUxYzU4ZjUxNWE5YjQ5MTFiOTIwZDBkZjBiMjgwMWQ1YWQ3ZWU5YTgzZDg3ODM0OTVmODhhZjcyYTEyMzljNjRhNmYwOWUxZDFiM2Q4Y2Y1ZTk4YjhkMzA1ZGQzMGIwMTJkMDg0NjkwZjA4OTJmZDRhMTlkYTliMTFhYjlhYjY1ZWJmYWRmYjczNjE4ZDVmNTNmYzE3ZDU2ZjI2MzEzOWIwOThkMDVjODlkMzY2ZTNiZjk1MzM2YmM2NTc2M3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com&t=jsonp&c=yr_xhkpn_oybtbtl&eu=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
90 B (90 bytes)
Hash
cb5a7738c4fdd5ee66d185cad7d5b077
cb9c2404cdd4d781c25185ea87cad94a32e50bde
e8babfadd26a3225043dfbb1e8ac4504909fea5163d9fb022febbec6c064c5ed

HTTP Headers

GET /AIDO/vyHb?d=ZW5jZEAyWlA3b3VEd1hUSXJMWi9CSWM4T2xwMlBoNHVxTU9wQ1RKeWJkRTh6cjZjSGdpQVRqWUovbWR0NExYdEQ5d0R2UWFQeVp1R2pUc09UVG9WUDhxbkh2Z1hwSW5pRnhVYzZ6VUw4dW5yTTlJcVlEYzhEdXBVQzhycFA5b3hMZzc5d2tWVmRwOU5kSHJNeVV1QzNPaENleWl1SUN1L0t6SGZ1dHBaRm9iMEdmaUN6cHkyWUdDNEpFaXRDcEE0a25rcFZTRHE4UXdBMG51RG5VR2paQTVwR3pja2VKZkE0RWJITzlWWVJjSWNWa01QNVp2VnQ4Q1JUZ1J6ckRYTE9ONUpQSWFmNnU1RDA0dFJnZGNaM1I3VS9iTTBLZmFBWUM1RE16S2U5dThRPXw1Y2ZmMDFmZGRkNGZlNDNhYWFiMTRkMzJkZDAxZThlMTY2YWM4NGFjNzExZjQwYjllZTI0MjBkNzY1NWExYzEwYjE2NjAzOThkNGI0YTZhMWZlNzFhYTczZDJlNGE0NDUxMTJhNDkwY2I3YjRjODQ2NzI0Y2ZjYzFjZmZjMjE4YmE5YzFkZDI2NWFmOTVmN2MzNGY4OTI4MmEzZTg3ZWJkMDRhZjdjMDNmNGRlMmEwMDM0ZWU3M2NmNDdlYWQxZGZmOWI3Nzk3MGQ4YzkyYmQ5NjM2MmZjNmViYTM0YjhjZWQxMzU3ZjRlNjk4NjY5Mjc1MjNiODc3YWNjZTg4ZDA1YTU4YmFlYTY3MzE4YjlkZTczYjEzODU5YzQ4ZDI3M2MwM2I1MzM2MWY0MDk1MmFhNWY2MmFmNjEzYzRlYTFlNjcwNTUxYzU4ZjUxNWE5YjQ5MTFiOTIwZDBkZjBiMjgwMWQ1YWQ3ZWU5YTgzZDg3ODM0OTVmODhhZjcyYTEyMzljNjRhNmYwOWUxZDFiM2Q4Y2Y1ZTk4YjhkMzA1ZGQzMGIwMTJkMDg0NjkwZjA4OTJmZDRhMTlkYTliMTFhYjlhYjY1ZWJmYWRmYjczNjE4ZDVmNTNmYzE3ZDU2ZjI2MzEzOWIwOThkMDVjODlkMzY2ZTNiZjk1MzM2YmM2NTc2M3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com&t=jsonp&c=yr_xhkpn_oybtbtl&eu=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Sun, 04 Dec 2022 17:17:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=TQtGIjfOy+ivQCqeTlPLZeYPHC3aHpleR%2fh3V9KlRz%2ftjtnDe6ILnd0S0MAxZjWz; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
_abck=72432D8465042700812614EF45547028~-1~YAAQvgplX86XFIyEAQAAC5Uk3gl1IllXQtTpPgK2dVuTJ954alqN8zp2W+/B04rshvpM+aq0zQnxPhKaO69ApMIfWarCl/qkpSCKsyAmhXNf7lFHkSgViqF5QjGI5KmBPJh5PE8/xRTnEnpwbJxc3m2BcCJi0voMj403BncoYb1EbrtdF1JoxfvNbusnfBejcfid+atJ7tEdz2OmgmGoGfvJU3hP+6njAIFfPgEtgC3wA70IluhOdiTNw6uX+zIJ41+kgd41Ep9b0XFPuvCSV4egzsKFzFkZLhWgVRvxAM7Ambukp6pKte2xhF6oRDSvl9/vk8Iz/Mok8PbiRCgakNbFokkY1Pz4HwIq+ssqHQeErnVNaSR9zl8XaLUXuux2Gg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:30 GMT; Max-Age=31536000; Secure
bm_sz=26824F3F6D44EE26101A7680477E1389~YAAQvgplX8+XFIyEAQAAC5Uk3hIRkc87w+nfdgR2C8bXMMwMo++C3zYtEfSn265LlmRA5S+Y55+8YMcc8+yXCNeWHt6TW9EkPXbhG819VK4npde7D5nyDC9rxVxBYSO1QKZe9gJOBxiOGA4nw1vPCcZclcsBuZjjUEGOctfotkdoHwbvpWNYmYz+yksNcG3PaXojl0Onsuikns1mrsUZBrTGWUUso+1hsMpO/4XPG2cw6v726fMNlZ3BWsXmwXv9xKGCElxdWRP49dlcbFreUxtKdu3nx1MfWdcHKkzpp0nnqEvxQhOW~3290423~3354937; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247360&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32

163.171.131.129

200 OK

43 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247360&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo
openphish	Wells Fargo & Company

HTTP Headers

GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&cb=1670174247360&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 03 Dec 2022 17:17:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=DCDr%2fTanLhQvtLh2dj6pUNDEUPJmrSYvqo7lNc6T0xrOm7SRAqy7vXJc0NGyNCXh; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14229-37097

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

968 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Size
968 B (968 bytes)
Hash
c46ef132bdd0cef569c5344b3ba1339d
d8f1a4a5a23ce1dab4f1e3e60f4b40132ae08f7f
aaf818da871cbf069ba8c0f2a3a5ad1655dc588a10aab1b698ff7aba43b493ef

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Content-Length: 262
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-5caf3bd5-6c9c-4193-84cb-42f698be5b49' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:204; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:e19cedb4-88bc-4098-8715-e65855ba7064; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:e19cedb4-88bc-4098-8715-e65855ba7064|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:55; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=2D9036AE365C86576CCCA19D7240793C; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:17:30 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212040917301233572848; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:17:30 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!kUKkMwSSrxXYYUSlRSgBVljp+3g9lZagaGGek/VYiUHVtxsoOFtgb1fGP7stT/P5xw3Oi3PFnngQ0XY=; path=/; Httponly; Secure
DCID=AkZ1LQBe9mOj0V7FeBob8%2fOK0ckfnkP+2ZPwW7o6aMA%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
_abck=0DC64DC16B74B23E0B17E42BDACBC440~-1~YAAQMa7dWO0hf3WEAQAAS5Uk3gm4JaF7Pz0UaZlVOoEUT7ATB1QWoBAaPyN65IGsxHY7yKqenRJbk+QkbTIqGAMCod/s+uU39tMZev+/ZzKrY63JSugT4yUdxIjzOkQo8q2z0g9Lrpa9gzcy+hmGswRZAqs/vGtI7dPQTcQKGyIUKp6ysHMp6lLbOLAPhazhqIVHv/TQmjYnbNl4HWVYLgBIpsJ7MxsOhjx4dw7PIRFE5i/rVz6SWO6+nEA2l+RweBiJCv14lWlTh11JqFahnswaUysQ6xU7o2GTj6qfmyZHhszTwjoCerNtX3oL0nkRNdS+zDc0bOnvyWSdeQp9cE09YfSVVXexrw6szkNJvl1+DC7Dw9erH1hPAgFBQFBKHA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:30 GMT; Max-Age=31536000; Secure
bm_sz=59BBEBEA1A38C58C8463E1D42B3210DE~YAAQMa7dWO4hf3WEAQAAS5Uk3hIaVyx1530b9llYaNRyEU/5I1v/hU3+wZbrg4hBa8j2Su54l5QM/8hmxj9fgngZmV6xOZMDz0yC3cCJUbNkukVUqiFtVANyAsjFKMzppaKT5Uqz0aFv+aRQW4Jb45O4e46GlH/ROJmiBXg6Mj6MAcgyigC4GjHYhtaqXxNYfSKn6NDuMrJNKVXeLU4ak67hVu2OwTLFHphgW/3oOwGAwTvpfh8zFiO11vClv4Cm+cRb+/5LeverKOvcRusVcBv43M2YDR3gy+3TS5d3QOyYtdOdpKD8~3621943~4343089; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14484-7986

adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3392089476604;gtm=2od8g0;auiddc=1056214603.1670174206;u1=11202212040917261543587553;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1642754925.1670174206;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3392089476604;gtm=2od8g0;auiddc=1056214603.1670174206;u1=11202212040917261543587553;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1642754925.1670174206;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=3392089476604;gtm=2od8g0;auiddc=1056214603.1670174206;u1=11202212040917261543587553;u5=n;u8=WWW;u11=PRODUCTION;u19=GA1.2.1642754925.1670174206;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 17:17:30 GMT
expires: Sun, 04 Dec 2022 17:17:30 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

969 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Size
969 B (969 bytes)
Hash
c5b6b72476aa94ea74f681adedf534f5
6ae58b03e8f2ea2dc01e2152ec6fddf8d5994d92
172f987c573e636d9c0e67da4c0b8fc759b5b20c45bc22a959a52f0064b1c299

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-e811abd7-a695-485a-a2d4-cc1feb24bd9c' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:204; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:7b5556d7-6c46-4c0e-8711-f5c8ff06e624; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:7b5556d7-6c46-4c0e-8711-f5c8ff06e624|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:94; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=AB088298E4B55FCD00CE66B559EDA75D; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:17:30 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120221204091730272026229; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:17:30 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!d5ejNImepcUBa7ECM1DtwKm8Wrr898ANRASv5ShXCGmfhFSi0gi2+wsGqYG4Qk9LeFJTNGH6xBAR+64=; path=/; Httponly; Secure
DCID=Hn5nZZP5X0Xd12j1FeiGZDO4aanltFZX7XISzqInUe2Umsxb4VmmZr2tE%2ffeMGx2; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
_abck=E89396D66649B0117DA729EF21DA5B1A~-1~YAAQIK7dWOKRHdiEAQAAm5Uk3gnXrvd7E0v6uYVKo6QgUNVNNh5G0fqGoL4ZyOCdaqeu1CQd8wsqgdyw28L97rAxj2I/jPb2CY7xjkCjztVN1ctG4VquUA3i03t35ptYHki+CdPogYvCuCR56jfTie7djjVcIxMF7y1m6Zg4ycAvlZscuLmrRfFuZFEpNjhGcSAODPUHQoK2qQx2N/vvxhsmj4E4TvfcBooEEJoiKcfIKJLMFu2pHMQXLKpSE/sdelnyYl9k00FnY7ZyMYV9B43Ny5T9hbGuLRwOuekFGdmeuAM/LQ3yANMcRM+CNsvPJgNHD6S6ZnLehxtWuLklskXjIzCyQ3Rfdn+3DQtj4d58jHnI9dwDOORr2pawZ8WLUQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:30 GMT; Max-Age=31536000; Secure
bm_sz=B4121CB0612DF70017E71A1BFC6D7368~YAAQIK7dWOORHdiEAQAAm5Uk3hKxoJmiReFyyaCpSnb9FRKx1QtPAV6m7MGpC/CsKcVA40Uy93ejQkuIYpldgMKjK3v3EckY3n4rEGpjq5iH8vdABqjjuXvAqrDnUF2NN6pnQqh8qm+3agx3eWOQyxG1xaqqMlykAPow7gcu6JdogVPhsxAb8GpHU4WrrTXLaLnJ4OlHB6Ph6I8gUtEtUpcxmmA9CRwVZs48ljgwxMYdnIajB5fdZsmMwXXkT/BaCoWItggkoHkAY6B2qQ0LqUwICf8l2Zrdrl9XxH5QBCp2ttcP5EVu~3621943~4343089; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14454-48132

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

967 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Size
967 B (967 bytes)
Hash
a9f9f9de68e6aebab081e7a4341f029b
389ba7a642f6dcbc633cfbcc28a2f8e32decb2a8
a7ea8de8b5dc1869b393504796461cf6d32c03e5cf65530ae4fa79ad044ccad2

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-f5b3b1b1-352a-4639-8234-1a6f0b4acfbc' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:204; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9a923fe9-6d74-47bf-bcbf-74308f690715; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9a923fe9-6d74-47bf-bcbf-74308f690715|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:95; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=18E80BCF40224C74D500E2808E886A5E; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:17:30 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212040917301301846366; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:17:30 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!c+7tbNSA6lV7AyACM1DtwKm8Wrr89zRohXB10oxSD/y5V+tWOPU/RRLuM6LFH6hTHbJ5E9a5ugSAeA==; path=/; Httponly; Secure
DCID=E3TldvSQ8teSrre66pvkKF5hP3xjx9SZsP9HEDGGO6iKGDeDI2QxKJxGJeyW3K8K; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
_abck=7EDCA5C188D6E9C8FCD40AC6CBDBE8EB~-1~YAAQMa7dWPohf3WEAQAAFJYk3gnmDk0JJsAdZh9tIQF5Dd1lxWelL3AQc6F6N43uLDQ/EvejGrMjtXnQx1o1tscW0GN5H+YgNDDipZpYKtzuCYiDFesPHDDeyzkQ9S4jblWJfw5Q/PyiI6CSHbDzk/aKfFKUKLg3Y68myrUpo4Be5prvhuQ1g5WvDTYzC15dTD1t96jrYcfdr6SOl4cq+BxMMnfVJs5Q2TDD61EvL0EWruDoaLjoLbRN53PMD8NiC50Dql5o1d8+RnfB6yWH6d3p8PRVK63HStuPr/pdmEUPlNxkE/KY4GuI8TIdt0yS/Y+UKetsit92XW5befFyQC4JREJ1og0riz4gf1xDby2Kon2gFJk15WCny9aZyCbV6A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:30 GMT; Max-Age=31536000; Secure
bm_sz=EB245F8E0F93128E34AC6BD4EB534B25~YAAQMa7dWPshf3WEAQAAFJYk3hJkez0iqhKjNRSdzgQ/Uk2dL3ggB0sOCzMzX3uCOixjilAQweQsQXs3JRXHF2PqRhLnqYwaDumef67riU9sIr6rhMYC4HbOpbIQ46TIBzTFTazcIKIB+LPxJbF1th7b3KqnbFHgoUstae+8+u7aaS3jThz2W1nRAQqLg5o/b/E1jzQs1CH+lUk3e0pcB6kvMrX3Q38qxx2NPf4KxgObITCbfEo//JGrp9KYCfCaZc8Lq5EASBnX0rpEsjkpY71EfA0nQ6mhsZOcHVL/fI7LKDEcdn9f~3621943~4343089; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14454-48146

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions

163.171.131.129

200 OK

970 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Size
970 B (970 bytes)
Hash
18b75f56a86e9442b7af906c8967e917
08c5a5416be0aa898a0beeff36a3c83b68bc9115
ccd41a283ca671b07cbcebeb93feaea49a5cf12bb7cc1d060c810d86d90cd51c

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Content-Length: 264
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:204; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-86f74826-050b-4237-9eb0-37426e79591c' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/reporting/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:df967ddf-7f2f-4865-8cfd-193c3ebc3e53|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:204; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:474f6c27-8a3a-4b14-a3bd-6e93b906e742; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:474f6c27-8a3a-4b14-a3bd-6e93b906e742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:87; Expires=Sun, 04-Dec-2022 17:18:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=F2895973B7E5FADC62331B4C907DCE56; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 04-Dec-2023 17:17:30 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202212040917301590747483; domain=.wellsfargo.com; path=/; expires=1 Dec 2032 17:17:30 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!+1mXkQDm8TJdUTFM7jMSAF8jYk3iBlTzJvzBu7ijHv86zOL/9/h3AybtwKniB5gR1zDb7je2n4Am+F8=; path=/; Httponly; Secure
DCID=bzrOVa3JJXIQbvxJLa63sHsiKLBNsobWLV9XGv2MQ42XcZkbF9frvvWPq5YQ23%2f4; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
_abck=D228DCA1C264641519363E630883C72F~-1~YAAQIK7dWOeRHdiEAQAALpYk3glwAjiRInaVWawZ7ZZ3XfU6Dg420TUgZAmnxJ+uiqAoFa1929igqKBQiTH/8eKNoDi0u4ZYuy5i/rux6hZAVAnYrTTR793axsQhDx1conPAHBA3YYTrziedSn5yA0hz59Lij1oAGUg/WnVjUL/Fol35nwdhngxZa6XcGtNqZKgWuYElXHIw73STxIEJ/ijf5dU7WHObY0U3xVkItAK1HR61ExclYkH2CLQNrakjYqCzfNnoyObBqNK76AinahadEfz300XQNnukrPkCRTGiRGZc+XhKqW1p9IKbjyBpaCpsXPx1vVCLfPC5cJsU2hwU5HFK4igCHGcicXzD0V9BLXydGGTrlKfaqqFCt6oC7A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:30 GMT; Max-Age=31536000; Secure
bm_sz=233A28B28DDF50F09639A912B1161ED4~YAAQIK7dWOiRHdiEAQAALpYk3hLdZngV90ESBo6fZkhGObdx1vbPfRbz8yqGlX8RsnYkjVG0cb5w/1RRfOYOMJPuXd9xE26XMOPbCmW65k4sX6kawnRhVCEYy944GjnR5i1uCzqt89GbL3rEemapcApc8Pew7jsI+yzeijOrI8GYRkKElc30H5jhUSUJj73pRz3ZO4O9hfyaLDYBeRTFbeFVx+UbfXDRnuE4tmgpAzhcePLo5SRfUYdo635bzt5VM1b/q/nE7Jzmrshbf4ZIwZfpmacwa16uVLUDsFyFo2UILmGLUVjV~3621943~4343089; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:10 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14328-47958

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
33002e87ed87cec83ec76bdfe55cb33a
a2dafcefab949833412ab20508096c9974b9e359
f73d30247eb325d9dc9531381224e8942b39b56c264ade1618855f1fad9eda2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4657
Cache-Control: max-age=158467
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:18:37 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 04 Dec 2022 17:17:30 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=1650119210&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212040917261543587553&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1642754925.1670174206&z=1822012385

142.250.74.14

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=1650119210&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212040917261543587553&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1642754925.1670174206&z=1822012385
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j92&aip=1&a=1650119210&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=wCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212040917261543587553&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1642754925.1670174206&z=1822012385 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 07:38:03 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 34767
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
33002e87ed87cec83ec76bdfe55cb33a
a2dafcefab949833412ab20508096c9974b9e359
f73d30247eb325d9dc9531381224e8942b39b56c264ade1618855f1fad9eda2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3851
Cache-Control: max-age=157661
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Etag: "638c8bfc-1d7"
Expires: Tue, 06 Dec 2022 13:05:11 GMT
Last-Modified: Sun, 04 Dec 2022 12:01:00 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=1650119210&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=Internal%20Promotions&ea=impressions&el=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&_u=yCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212040917261543587553&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1642754925.1670174206&promo1id=C_chk_everydaycheckingrspv_hpprimary&promo1nm=C_chk_everydaycheckingrspv_hpprimary&promo1cr=en&promo1ps=WF_CON_HP_PRIMARY_BNR&promo2id=C_oth_collegestepsrspv_smlprimary&promo2nm=C_oth_collegestepsrspv_smlprimary&promo2cr=en&promo2ps=WF_CON_HP_SML_PRIMARY&promo3id=C_ccd_findcreditcardrspv_smlprimary&promo3nm=C_ccd_findcreditcardrspv_smlprimary&promo3cr=en&promo3ps=WF_CON_HP_SML_PRIMARY&promo4id=C_mtg_prequalificationbrspv_smlprimary&promo4nm=C_mtg_prequalificationbrspv_smlprimary&promo4cr=en&promo4ps=WF_CON_HP_SML_PRIMARY&promo5id=C_ccd_tk1activecashlaunchrspv_lpromo&promo5nm=C_ccd_tk1activecashlaunchrspv_lpromo&promo5cr=en&promo5ps=WF_CON_HP_LRG_PROMO&promo6id=C_oth_managespending_smlpromo&promo6nm=C_oth_managespending_smlpromo&promo6cr=en&promo6ps=WF_CON_HP_SML_PROMO&promo7id=C_oth_financialtoolkit_smlpromo&promo7nm=C_oth_financialtoolkit_smlpromo&promo7cr=en&promo7ps=WF_CON_HP_SML_PROMO&promo8id=C_oth_homepurchase_smlpromo&promo8nm=C_oth_homepurchase_smlpromo&promo8cr=en&promo8ps=WF_CON_HP_SML_PROMO&z=1659360226

142.250.74.14

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=1650119210&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=Internal%20Promotions&ea=impressions&el=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&_u=yCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212040917261543587553&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1642754925.1670174206&promo1id=C_chk_everydaycheckingrspv_hpprimary&promo1nm=C_chk_everydaycheckingrspv_hpprimary&promo1cr=en&promo1ps=WF_CON_HP_PRIMARY_BNR&promo2id=C_oth_collegestepsrspv_smlprimary&promo2nm=C_oth_collegestepsrspv_smlprimary&promo2cr=en&promo2ps=WF_CON_HP_SML_PRIMARY&promo3id=C_ccd_findcreditcardrspv_smlprimary&promo3nm=C_ccd_findcreditcardrspv_smlprimary&promo3cr=en&promo3ps=WF_CON_HP_SML_PRIMARY&promo4id=C_mtg_prequalificationbrspv_smlprimary&promo4nm=C_mtg_prequalificationbrspv_smlprimary&promo4cr=en&promo4ps=WF_CON_HP_SML_PRIMARY&promo5id=C_ccd_tk1activecashlaunchrspv_lpromo&promo5nm=C_ccd_tk1activecashlaunchrspv_lpromo&promo5cr=en&promo5ps=WF_CON_HP_LRG_PROMO&promo6id=C_oth_managespending_smlpromo&promo6nm=C_oth_managespending_smlpromo&promo6cr=en&promo6ps=WF_CON_HP_SML_PROMO&promo7id=C_oth_financialtoolkit_smlpromo&promo7nm=C_oth_financialtoolkit_smlpromo&promo7cr=en&promo7ps=WF_CON_HP_SML_PROMO&promo8id=C_oth_homepurchase_smlpromo&promo8nm=C_oth_homepurchase_smlpromo&promo8cr=en&promo8ps=WF_CON_HP_SML_PROMO&z=1659360226
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j92&aip=1&a=1650119210&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=Internal%20Promotions&ea=impressions&el=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&_u=yCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202212040917261543587553&cd12=BROWSER&cd22=hp&cd23=4.48.0&gtm=2ou8g0&cd35=1642754925.1670174206&promo1id=C_chk_everydaycheckingrspv_hpprimary&promo1nm=C_chk_everydaycheckingrspv_hpprimary&promo1cr=en&promo1ps=WF_CON_HP_PRIMARY_BNR&promo2id=C_oth_collegestepsrspv_smlprimary&promo2nm=C_oth_collegestepsrspv_smlprimary&promo2cr=en&promo2ps=WF_CON_HP_SML_PRIMARY&promo3id=C_ccd_findcreditcardrspv_smlprimary&promo3nm=C_ccd_findcreditcardrspv_smlprimary&promo3cr=en&promo3ps=WF_CON_HP_SML_PRIMARY&promo4id=C_mtg_prequalificationbrspv_smlprimary&promo4nm=C_mtg_prequalificationbrspv_smlprimary&promo4cr=en&promo4ps=WF_CON_HP_SML_PRIMARY&promo5id=C_ccd_tk1activecashlaunchrspv_lpromo&promo5nm=C_ccd_tk1activecashlaunchrspv_lpromo&promo5cr=en&promo5ps=WF_CON_HP_LRG_PROMO&promo6id=C_oth_managespending_smlpromo&promo6nm=C_oth_managespending_smlpromo&promo6cr=en&promo6ps=WF_CON_HP_SML_PROMO&promo7id=C_oth_financialtoolkit_smlpromo&promo7nm=C_oth_financialtoolkit_smlpromo&promo7cr=en&promo7ps=WF_CON_HP_SML_PROMO&promo8id=C_oth_homepurchase_smlpromo&promo8nm=C_oth_homepurchase_smlpromo&promo8cr=en&promo8ps=WF_CON_HP_SML_PROMO&z=1659360226 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 07:38:03 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 34767
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=1650119210&t=timing&_s=3&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&plt=2404&pdt=2&dns=398&srt=386&tcp=157&dit=1608&clt=1624&_gst=3239&_gbt=3486&_cst=1664&_cbt=3134&_u=yCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&gtm=2ou8g0&z=1728820898

142.250.74.14

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j92&aip=1&a=1650119210&t=timing&_s=3&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&plt=2404&pdt=2&dns=398&srt=386&tcp=157&dit=1608&clt=1624&_gst=3239&_gbt=3486&_cst=1664&_cbt=3134&_u=yCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&gtm=2ou8g0&z=1728820898
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j92&aip=1&a=1650119210&t=timing&_s=3&dl=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&plt=2404&pdt=2&dns=398&srt=386&tcp=157&dit=1608&clt=1624&_gst=3239&_gbt=3486&_cst=1664&_cbt=3134&_u=yCCACUALB~&jid=&gjid=&cid=1642754925.1670174206&tid=UA-107148943-1&_gid=505132508.1670174206&gtm=2ou8g0&z=1728820898 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 04 Dec 2022 07:38:03 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 34767
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670174247119&cv=9&fst=1670174247119&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1

142.250.74.66

302 Found

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1670174247119&cv=9&fst=1670174247119&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
142.250.74.66:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/984436569/?random=1670174247119&cv=9&fst=1670174247119&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 17:17:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1670174247119&cv=9&fst=1670173200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5e49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=235685367&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 04-Dec-2022 17:32:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 17:17:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip

163.171.131.129

200 OK

164 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
164 B (164 bytes)
Hash
8fb75d1841a10ab1188846d70e658e27
2f738c57b38af672f4c16f87f067150566d0c9b2
614b964cdf8e9761113908613880ef86ccaf4335b9de7a367dadea616f5bdf9b

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company
fortinet	Phishing

HTTP Headers

POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2040
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; LSESSIONID=eyJpIjoiQ2JCcjFtV3ZNXC9cL2FGbTB6bGFXZERRPT0iLCJlIjoiMXY4WlwvSjYrVlVjNytsTFJiSXVBajRaeDZkTzFvcU5HQlU0cnFPZXlaWEpyZ1JxMGZZQk1QcXJjYktJYUxVcW5EbndwUGNMT3BYZWgrS05pRUhzSUxFaDRYaENzaTJkUndrTlwvZGI1c1dEU3NZT0ZzejVsc2RkN1pWbFJcL21obUdLREhwYXdEUys4Q1Rpb2JHdFwvb0h2QT09In0%3D.dbea64e1f62037f1.NzM4N2QyMzNmOGI0MGM1NmU1MzMzYjI1M2JhZWRjNTNmNTQ4ODBjNGU5MjRmMWE4ZmVmYjMzMWYzYWI1NjEyYw%3D%3D; ISD_WCM_COOKIE=!c+7tbNSA6lV7AyACM1DtwKm8Wrr89zRohXB10oxSD/y5V+tWOPU/RRLuM6LFH6hTHbJ5E9a5ugSAeA==; ADRUM_BTa=R:27|g:9a923fe9-6d74-47bf-bcbf-74308f690715|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:95
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 164
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 26
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gYywYB%2fZJGE5AELq1KH1Y48ytS%2fTrQ%2fdoSr1hEEXBN4lTWvDdnrBcb2P%2fHr3WPOq; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:30 GMT;Httponly; Secure
_abck=2AA604BA5F2AB0F3D7210344F3A5A902~-1~YAAQIK7dWPiRHdiEAQAAypck3gkHypZRhjQTN6VUPLF0/CdWUXA8KQNrt9CFYGWN4zSZZiJrdWHHlJjhb55T5f1he4vyZpZyL40teNHB0GezCXH2Fsq7BLrRJWW0qGrdPNma4RlV/mVlnuYFCZ/7PBpBFs91SUhjPCKE7x2C6qOOGCoam8yD+ajB/MZ8o8S2CCYAJ736O3tBNLobPXLA6nWVJWHIdlZWmxIdkitQh50jTM4CCn+btdvQvcaJ8qVgc4HDErZ/wWD82VXsKnyyGxD7f39Vv9+mP/LCq7RsmZHNjufxrcvwH+J+6jfMp25u5lXVU2J8ZayXlM8B/ArFKyHa9WpJBENR/qTOBQe/h+jDZxXpAch3Ud3aL3k7mw/xhw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:30 GMT; Max-Age=31536000; Secure
bm_sz=945933353C88E54947CDA6EC0A123C03~YAAQIK7dWPmRHdiEAQAAypck3hL/sFtLX0s8EirNBqhCKDBXYbLgQ5a35san2bIbNMMEg6HfxC57sP+zLA1U4mjU0FvvWTWGLaXLTwZObQaYg+h0D7WWZuPZZNyuSo7t0dT8FNh6XXGHUNa+XzMpo+s6EhCRaKW0pfKo9LZRkxFK4qAq0poUm3HdBQmgY0a3Sb+sGIuBkUBXYq87fAj4M3JqoSOvlIR7k+q5jPVm01ymxUQ1NIfaE5gZpaDtxkr8isGO13ptsB6SpIMrKBCniedGnBg9+nXEvOxAvhPIXTcW85kIMfYG~3621943~4343089; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:30 GMT; Max-Age=14400
X-Via: 1.1 bl22:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62a_bl21_14229-37160

www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load

163.171.131.129

200 OK

265 B

URL HTTP/1.1
www--wellsfargo--com--5e49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
163.171.131.129:0
ASN
#54994 QUANTILNETWORKS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
a9450864e4ea3702e8ddc035f04563f8
44129c43d28e426674ea54e73c9d655b9bac7f3a
b16d869cee36495014ea393df7c69dc2de74f0953dc582cadf3db9aee08a8181

Detections

Analyzer	Verdict	Alert
openphish	Wells Fargo & Company

HTTP Headers

POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--5e49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Content-Length: 1424
Connection: keep-alive
Cookie: utag_main=v_id:0184de23e0e6009d3dba270149a000050003700900918$_sn:1$_se:4$_ss:0$_st:1670176046621$ses_id:1670174204135%3Bexp-session$_pn:2%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTURXY01u0HJ8Cmquk3Nt6EBTYODyDmY92MUxQGtoao%3D%22%2C%22_s%22%3A%22RhsTH4Zh5SrPHTTdzw1BmH7%2BF%2BOk6x2j1XsF9AaHqYES%22%2C%22c%22%3A%22aXNKdks3UDZoSm4xa0g4Rw%3D%3DpIkJOttaLiVhhyWbWZCDOy2A7c9HgTJx40OC0_wfU34gpkeeIV3e9xKhqVtrTI7jm2vxj9e6IzDaE8ACjocIXl9b_tKnOjEO5WU%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%2C%22fr%22%3A%22G5vNCnVy6bsPvw4OMs4flA%3D%3DuTP2kSBcQhdt59lZrC7pcos0n5maQgPrRD0d1XsIlCvNyuyfwr9zbIVzSZnpZSVVnp_KBBtxM4Kj0pRaDlUzLXOzqaLDq-mSJH4Emc5wLoiQ3g7tTI7pw_24kOj_vhuMzLZ7-cHLz4EqvEzm5bfvBnpxCeMqh9bytnGUv4WwskiT8Up4EaVkZA8p%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRCPWe7xqn1H0P80A%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C73297843820505482512322520975958523310%7CMCAAMLH-1670779046%7C6%7CMCAAMB-1670779046%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C1365920265%7CMCOPTOUT-1670181446s%7CNONE%7CvVersion%7C5.2.0; _cls_v=fdadce14-35e9-4222-b1df-4837b5b6968c; _gcl_au=1.1.1056214603.1670174206; _ga=GA1.2.1642754925.1670174206; _gid=GA1.2.505132508.1670174206; _gat_gtag_UA_107148943_1=1; ndsid=ndsaa1y8k7q1ebolb9mlljx; _imp_di_pc_=AQHWjGMAAAAAdh7CzeYVwhElBBTt90FY; SameSite=None; ISD_WWWAF_COOKIE=!J3rzs35h5V7LScr3y5H3Mr4eY+e13bHGy9GvEIaaLTVLwEBEZiLfk7BWVBreDv14VBrNcGaPAxMjxVw=; _cls_s=e984b7d7-e408-4862-8c3d-5c40d05be145:1; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; LSESSIONID=eyJpIjoiQ2JCcjFtV3ZNXC9cL2FGbTB6bGFXZERRPT0iLCJlIjoiMXY4WlwvSjYrVlVjNytsTFJiSXVBajRaeDZkTzFvcU5HQlU0cnFPZXlaWEpyZ1JxMGZZQk1QcXJjYktJYUxVcW5EbndwUGNMT3BYZWgrS05pRUhzSUxFaDRYaENzaTJkUndrTlwvZGI1c1dEU3NZT0ZzejVsc2RkN1pWbFJcL21obUdLREhwYXdEUys4Q1Rpb2JHdFwvb0h2QT09In0%3D.dbea64e1f62037f1.NzM4N2QyMzNmOGI0MGM1NmU1MzMzYjI1M2JhZWRjNTNmNTQ4ODBjNGU5MjRmMWE4ZmVmYjMzMWYzYWI1NjEyYw%3D%3D; ISD_WCM_COOKIE=!+1mXkQDm8TJdUTFM7jMSAF8jYk3iBlTzJvzBu7ijHv86zOL/9/h3AybtwKniB5gR1zDb7je2n4Am+F8=; ADRUM_BTa=R:27|g:474f6c27-8a3a-4b14-a3bd-6e93b906e742|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:87
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 17:17:32 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TL9JTuT0dajNfDW42qqsp9npQAPAjc1Lx52+ZNWX4w+EH1+I0COamYUA4l43NSo7; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:31 GMT;Httponly; Secure
_abck=D53EE5EABA84B68A7447DD2810BAA188~-1~YAAQMa7dWIIif3WEAQAA3Z0k3gm+YVqUkYB7adaeCaVJofMDUPR30ndgx0UkESxoRf6dq/6GdMQCwMnPQIdmX4z7BqF24OaH/dGjS+4Fao55wKturoax3ZpwsNHdB1zDUjxXlYxIK0Aby524x6+zVPwW08aHjMshWrpK3qwPRZccvai/KBl1h4cB+pW01wkcq1MfJWD9vhCSyggapNf1J+pbSl5kgrt5ak+GUi+LC8lAJmdeBL1X8FHSoUVEb+Y5A719HgdDtumr0kMDZtFu5RA0jRPR7D05o2LeOZGWZ8FRpKvXbqKZQp12MZAArb3zSPrfOszBVmb9tIvdOeYwEWPc1k8keCO5nTMfQTIV/dK6dXHIq3KmBcs/2Bvcx+gatw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 04 Dec 2023 17:17:32 GMT; Max-Age=31536000; Secure
bm_sz=70EB848472E35D31850CCD041C74C563~YAAQMa7dWIMif3WEAQAA3Z0k3hLpC/jr/Pksq1D0TwYkF7GL8QX9sUPzp+70dV87cunc+PISoWyhCPqSTyNA9DzeT3AKQEzlM+9m33I/qZxF8OC48PtbqwsQCPXOGzgiErWofu2F6ViTBmNXEHl6zhK68ddOIFe9C05+/I6+TzP3HwXzPX8uELsC5UBUiVdrdlnbLUdI6FJ20h5JXkSzVwvVj8ApMzNe1IpBguP0WVxD6U8IMQ2FfhkBJxL8eIwVNhVLbBkT/FeT3bGhzJrGx4QwckULLftHRNIov33N0cPcAeachsa4~4469829~4470834; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 21:17:31 GMT; Max-Age=14399
X-Via: 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 638cd62b_bl21_14229-37243

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7728 bytes)
Hash
027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:08:25 GMT
age: 68950
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50

34.211.174.193

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
34.211.174.193:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 17:17:29 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51

34.211.174.193

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
34.211.174.193:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 17:17:29 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum

34.211.174.193

200 OK

0 B

URL HTTP/2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
34.211.174.193:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11423
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 17:17:30 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:9a63c13a-6024-4ae6-820b-a782b58573d4;Path=/;Expires=Sun, 04-Dec-2022 17:18:00 GMT;Max-Age=30
ADRUM_BTa=R:55|g:9a63c13a-6024-4ae6-820b-a782b58573d4|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e;Path=/;Expires=Sun, 04-Dec-2022 17:18:00 GMT;Max-Age=30
SameSite=None;Path=/;Expires=Sun, 04-Dec-2022 17:18:00 GMT;Max-Age=30;Secure
ADRUM_BT1=R:55|i:559461;Path=/;Expires=Sun, 04-Dec-2022 17:18:00 GMT;Max-Age=30
ADRUM_BT1=R:55|i:559461|e:3;Path=/;Expires=Sun, 04-Dec-2022 17:18:00 GMT;Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2

connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.4856c00bca7b11d138e6.chunk.js

95.101.10.194

200 OK

0 B

URL HTTP/1.1
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.4856c00bca7b11d138e6.chunk.js
IP
95.101.10.194:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /accounts/static/7M/accounts/public/js/wfui.4856c00bca7b11d138e6.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5e49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310426
Last-Modified: Mon, 14 Nov 2022 19:22:52 GMT
Vary: Accept-Encoding
ETag: "6372958c-4bc9a"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 04 Dec 2022 17:17:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=0JLD3YRiM1wX9UQy1PHxLVq1Asi3iMQ8Izyc9HQ0YaTT%2f+u2XLNMqDygZDcraRSF; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 04 Dec 2022 17:32:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations