ocsp.dcocsp.cn/
47.246.44.231 471 B IP 47.246.44.231:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3d25d4accc054841904c210030f2765b
5586a01c7f26c3f1b55ffe41fe5ae219492a5334
733dd1e500076a819ae487f05161dd050d436d49a72c1d11e5c58760ef008bcf
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 02 Jun 2023 10:49:47 GMT
Ali-Swift-Global-Savetime: 1685702987
Via: cache21.l2de2[5,5,200-0,M], cache11.l2de2[7,0], cache2.se1[0,0,200-0,H], cache2.se1[1,0]
Age: 140
X-Cache: HIT TCP_MEM_HIT dirn:3:166987796
X-Swift-SaveTime: Fri, 02 Jun 2023 10:49:47 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9616857031278695879e
www--wellsfargo--com--2449329d48d6c.wsipv6.com/
163.171.132.220200 OK 19 kB URL User Request GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 2c066d24e24c9351fa234f6dc702a483
7b5af12ef72f6420b3dea14f2b00c47ea90bf563
b0a30393b079662d96ad9f1c4df472e6c46572270b843d903508dee0595bdd70
Analyzer Verdict Alert openphish Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:08 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18834
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b4cdcf20-0471-42fb-9b1c-0476c05def4e' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18764 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:82; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230602035208241008306; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:52:08 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; path=/; Httponly; Secure
DCID=rcqoDBlLAAOdGJa+aVkrcos5KFoetBZimivd8iDfVWo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:07 GMT;Httponly; Secure
_abck=8C17C09436FF07F0ACDBD9A6B85850EA~-1~YAAQ4KDVF1gPuXiIAQAAAHW8ewnHCO6vMOCFa25SrVFY46l9wGz7HQX2AMEyR4Io3pKQJkCjmpJ5DkUB/lfhmFSZySTieqRVdmXw0oKaefJH6dN+DShny3sFgnTC3KEB/JOkgYlprpCV3ZcY6ensM9lm/xq7Atv2ufATTgEa0Ki/IhhckhYr+Y7RKlPGEMO8Eexv0+zfee8RRsLl0fwpH7KLlnv+1H4qL66fAaTcFFpHXc0hApi/numhTT9OWDG5dPpAldQGn1jHpsZzIqX17Bbm32mvsufWwANK2toevdp1jwkG3UfjhocGMBy9FXpb3sjaDiFYdDamG3e6ZPGoda9eDAkeu6864n7hY331c3siwgMPrMp4ZgQrpUVyq4AU~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:08 GMT; Max-Age=31536000; Secure
bm_sz=49C24FAD9938B76E54DCA40905AEBED8~YAAQ4KDVF1kPuXiIAQAAAHW8exNew6my7NxGCfK1LVTX0p8Ry3qhVZQP+zWw6hKdWTI1pCgaJThfRbpYPDbE8cQ9C2BelhbxVkq/4RAvmqaYxMxE539SJ19/7yXGHFKTme5kqV1Djlh+gaUnAGR2w1wV1LlYa9utjwADubqajpJNhJ8TzHzERuxMaeUdwaZ5cJW9YwHkCYCuB0ygLl/9Mf/496KZwDjrQghn5yvyQfkiajQi939Hw0cX1dYLJqGpDbPzX2bDODmTU44X5skaxAhsCvQRJXA+EHvdugZfwqI2ZIEZvcDw~4342583~3618873; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:07 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d7_kf182_7810-10592
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Fri, 02 Jun 2023 10:52:08 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Y5KLqLpqOdA+UwoGtAAiUA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 26 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=1175936
expires: Fri, 16 Jun 2023 01:31:04 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.26200 OK 901 B URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Fri, 02 Jun 2023 10:52:08 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=I6QHfTNa1fOePu7WePqiXw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=1175747
expires: Fri, 16 Jun 2023 01:27:55 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=1175776
expires: Fri, 16 Jun 2023 01:28:24 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--2449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:08 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:03:20 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: W/"643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_7865-32994
www--wellsfargo--com--2449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220200 OK 58 kB URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:08 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:03:20 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: W/"643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_7843-43385
www--wellsfargo--com--2449329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220200 OK 24 kB URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:08 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:03:20 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_7891-29378
www--wellsfargo--com--2449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220200 OK 4.3 kB URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (9269)
Hash e130ee5652f296d79bdf7d7d8a791794
9e49c0f43ec067537d8a8bc50e647a5de70bb10c
efe0027ac1069278bf44c5e7910a09e335307b9d5e5176fd1981f358a31d198c
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:08 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4283
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 10:52:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=Ay52vHuIAQAA_qOicRNGbbxzSxSSj6Zp7CFUVsIa0KMHpIsuRDFPg1L8x5zWAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|b69ac999e6466586980c92847fb7f4a642afadea; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=5VNwscVaKwaKgQj2+XCeoLnF5lZ1qLf6EUesyx1Dydc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:08 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_7810-10605
www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 77 kB URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash 3b2227177307401f0ad66f16a01dfd5e
098aee523bc90b9abd2658dc3cad2b8d984c148c
f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:08 GMT
Content-Type: application/javascript
Content-Length: 76583
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Last-Modified: Wed, 26 Apr 2023 15:12:23 GMT
ETag: "5b8f9de7319f5214c46d203ee7c78f9bf749d0b7eaa059e3b1056741a3d903ac"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hnd0oGhKYraXbpRW1l+orA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=1A53FF24ECC35E90F08D8EC00EF9939C~-1~YAAQ4KDVF2UPuXiIAQAAcXa8ewnqLxUXIPqpkB2IuymJ+v9utBslNbbkUoQGf7sF0XEPm6U4qTh4wi5BtDy+IER/yOkrcw/14jk/yCBIeTfAY7WyEb4eglY3StcFucGzZV15v4cVAk6H2p2ljJUwvXiPY11OVgknGkiLzKH1ZyoaHIKi/7tSfvRY6FBqgUHp8Pe6vylrwcD0D9IhGaeRdQjm/dluHfw5dy73Vtz/tkT3hjSFjlQH/Am+ltkeS0JkKIsfXTJhLjC51x7H/9TqznSUTcnt2/XbiyiWX+6O6qrA9kER8Id7TdDOJu3eJ6/McobvYtC0298BzGc8EYO713ru4+c9+KPLvNMfF5wx7rWEB3BKLQQyFF3N8mkjIdtj~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:08 GMT; Max-Age=31536000; Secure
bm_sz=FDD0F6CE11E087E10431F59B1A8411D6~YAAQ4KDVF2YPuXiIAQAAcXa8exMBFffheeMhHGoQWYP8rgn1g5Pca+4hKRbwhunKyjRKCHjMcSjC7mJlbVRJvzaFKLolCBcGdDI8RWG8jEpszxYxuE7zinap6x5qykrED13XESJMMD+Pl1DnBO14oqdmXomTy+3HP+JrBy24soHqiQm71cJ60kYAgB0UkkLWYmbe9K5Q9IQq3Gy/Kmxbgu+g+h/Mprzl5W+AgckWfzwy2e1Pze37LuMuqFTDx0YIZKyKXJYzVwo0aQe0GGPrn7olmKoZ3aRDrjlSj4nq+DpjPjMO4bAH~4600632~4600646; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:08 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_8210-12096
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=6457545
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13995296
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13995296
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13842123
expires: Thu, 09 Nov 2023 15:54:11 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13995263
expires: Sat, 11 Nov 2023 10:26:31 GMT
date: Fri, 02 Jun 2023 10:52:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32200 OK 55 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (14989)
Hash 9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Fri, 02 Jun 2023 10:52:09 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8XcZA2prOdCBC0wCtSYvpw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--2449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwqHuIAQAAcaXr_d_vZAqd6U6wYIOZE9SWMp0CQxrf5UpHPNqNMc_OCcdN&X-G2Q3kxs3--z=q
163.171.132.220200 OK 148 kB URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwqHuIAQAAcaXr_d_vZAqd6U6wYIOZE9SWMp0CQxrf5UpHPNqNMc_OCcdN&X-G2Q3kxs3--z=q
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 148 kB (148158 bytes)
Hash cd6519c5926ec088a853be34f3f64d57
a86a168ef75aaf1d7c8944841687aee1b72b71f9
06a941104ae1feecec4b03360d3f0f4700940c6aaec877bd549021db5e409a13
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AEAwqHuIAQAAcaXr_d_vZAqd6U6wYIOZE9SWMp0CQxrf5UpHPNqNMc_OCcdN&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:09 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 10:52:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=Azx3vHuIAQAAF6pjt4MYnNu1vY8uH4dxZV7Uf9nvfe9MZWu4VxpYTLN4H0O-AaOrhK-cuNk0wH8AADQwAAAAAA|1|0|2a074a561b14afdb9f220b50379b803c8cf0a515; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=TBcuT2tvGxFzFOWo6jW1K9Kzu32QVMj1xGvpCUjfo6YZdWc2BKAqN00yB+gVPnqK; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:08 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_8210-12098
www--wellsfargo--com--2449329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220200 OK 2.1 kB URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10302), with no line terminators
Hash 9d6b15f8977845a00bc6a270f077d733
240065484b969bc786b22c7ea946029a7603ab9e
9812388df465820a1345ac1337605304cdc3dbd272828ddf46c6fe95c0a353b5
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:09 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2079
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-79a77d61-edea-40d9-b45f-9ecb5c6484e4' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:82; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:114; Expires=Fri, 02 Jun 2023 10:52:38 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202306020352081065096202; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:52:08 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=56673374EE09C600114E3CF9A0DB5CA4; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=fh9WLRYINrYPCZeFgo0i2tKcL%2freA6VvG6W6YiMugsQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:08 GMT;Httponly; Secure
_abck=AD7F3A9B2BD875459E2C71E2C8651B9B~-1~YAAQ4KDVF2wPuXiIAQAA1Xe8ewkeqkLL6f2nS9sXrUGr66La6gu/iXSwy59B1os2liK/b6gCTTU+q8cuKBXaUeCfqfztsTuHdpAy5TCSlc2Z9G9Ven6n4db61ZH4PXS5Gs9mRbDlnchnbDbPo2mIp0wGjek4xbZ+yxyg+jRQZsAHdDXEYJ+HYVPRCzbjlPLjparukqOFuF90OIthP7G1BC0HqmPt3YLsiIRF4lrCSwOUm0wj6Q7Xdoilzn22+gmhoHUSeSDutBR/jLomADDOO8zwxAU8oMSp3fJxUDQRuEszqGx7bgmsIkL8Qjhebeb50Mc3hKp6O3NLUUtWBkHqJM+p69rbJq6cSn9WnmpkLUZ2gHhMVmUfCzBYUxiVPMJX~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:09 GMT; Max-Age=31536000; Secure
bm_sz=6DAAA28240A5C0AFEB01745BF30DB5E7~YAAQ4KDVF20PuXiIAQAA1Xe8exNOKUv56MJRqxxf9rvIsfsy2f8oPJxkdTIr0zuor538miQZ4a9/B+ao+IxZw5Cdk0tew/RY/LiWjXff9nGR2IN6MNttBdRsQFvNt+bdLXkOmRMeB0ObjCku7N9Q1L/iA/1ox++E/ZKMIYyFPQ00olq3JwfTrS9ZhqBApiKLayUl8P5/PSxyRfsK1IfCppVEornkhgHBo4oBKkgjVAbkSXzc5SMMAA3/U1FV7eo34TNw+J0RL2GKQ6auMTDgGZU12/rXLYvKPcGOIHdzg9CBQFKWn96E~4600632~4600646; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:08 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_7891-29381
www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2046
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 10:52:09 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wk59xqhDmyp32i0TiSJXxA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=wk59xqhDmyp32i0TiSJXxA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=E58F6C1C224D3D122E526ABEAA544799~-1~YAAQ4KDVF28PuXiIAQAA9Xe8ewk7h0st+zSZI4+OEPYILMNLklJmi/wuZpGHop1JCqjETm1a3c1vG8RLwqK0vEJk3uluey592zzTw1CjV9nUs1ozH1e2xLHEJ+rne9kiMtnjRL84mWXX/3dhG3jPWij4EXHffsPJmyjiuOS6P+JjxV4sqfX1vvxR/W+v/TYgoCZTieY0yARPUvXnnhuIqSB6qfRSgb3PNSU3dj15Z3c9Kj+C64f2ZxnNwHtgfNXjgFcyg2ay8BsHmrLLf1czx16Tm21VuXHv+dwKGj/0XSzWQIAIqpSGuoF9g99dsjQkIMuIaZfHzx9K6atZ9LPseyTPgVkuhRK+SvuxaXIlE3Tn0ssxgWo+x65bkujxPyFB~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:09 GMT; Max-Age=31536000; Secure
bm_sz=413FEDE0DAF7AFC67AEC1234E77DD68A~YAAQ4KDVF3APuXiIAQAA9Xe8exPtulcg6DU9AVIox9d8lQXK1HseBzYy4cFBYL4Kc6bWO9BWp0qd7eVkItBiTMLbwsKi4YAhqZ8/dpft1oXiDQnwQjV4C2nHB1nKygA2uvxo6kWK4hvZLEVkDM8Nhgn1cdNEfCFlFOi4KQF5+AEz2k/bZ9lrCQgjr+YPeinB7Uw7dk+68bFW7w/FjHBswV+Y75Mim+0OzVOyS95GDxfigtqHx5N6o+ehfk8jPEsm82UzQXZ5/Z3UJz75wBmX0fQa1qGr/RqEwxzT6m4/43wE/RL4yAIj~4604729~3486273; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:09 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d9_kf182_7865-33000
www--wellsfargo--com--2449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220200 OK 313 kB URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:0e76090a-eeef-45f5-9dae-ba02c903eb31|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:09 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 10:52:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=Mx7kAjtwX%2fReEmmpp1cFZQiI2UUY+zB4uDPIS7c5MNs%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:08 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d8_kf182_7843-43392
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=9624
expires: Fri, 02 Jun 2023 13:32:33 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78200 OK 964 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=1175922
expires: Fri, 16 Jun 2023 01:30:51 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg
104.110.27.78200 OK 1.3 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 9a1eae7d2190524a3314d76363aaeeff
f3ac6dec3572f491f1d5b914974858bfe9751566
4774cc6c28fbd2c229c3460b3669b7348db73d3477407e4e82112ad3f037cb6f
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c9c0-5f1d"
last-modified: Tue, 16 May 2023 13:47:10 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/avif
cache-control: private, no-transform, max-age=1133794
expires: Thu, 15 Jun 2023 13:48:43 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
104.110.27.78200 OK 39 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 5d115cb30ce945de0d431748aa0b6073
e1af15a87872a93c56598fe21c82c252a7c82345
8f0441ba6cd327f630ce1653262816ae3fb9abf2db73b70c50be3e66c51dfd8f
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505859-e2ce"
last-modified: Thu, 20 Apr 2023 01:30:34 GMT
server: Akamai Image Manager
content-length: 39415
content-type: image/avif
cache-control: private, no-transform, max-age=1175848
expires: Fri, 16 Jun 2023 01:29:37 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
104.110.27.78200 OK 25 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash bf978a151ba3f10a7412e8cd5fbdb863
2af8e9c16c4f1e96ba1e86beee63521c802c2cce
ac555d446e447b4c8cf2bf2dd377d53c3b21faf83da3259dc8839c782eba1d9e
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580a-d82f"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 24880
content-type: image/avif
cache-control: private, no-transform, max-age=1023520
expires: Wed, 14 Jun 2023 07:10:49 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1175797
expires: Fri, 16 Jun 2023 01:28:46 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
104.110.27.78200 OK 16 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 093dc61fd7b0036526bf39ae69597887
a27c677f83b0554434422c99b5519ace95ddb23a
f5a1bee943c64e915cc0223d3cc7e402b70794950377eb8ef040c835fad7e156
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4a-ce5a"
last-modified: Thu, 20 Apr 2023 01:31:11 GMT
server: Akamai Image Manager
content-length: 15941
content-type: image/avif
cache-control: private, no-transform, max-age=1175852
expires: Fri, 16 Jun 2023 01:29:41 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=1175839
expires: Fri, 16 Jun 2023 01:29:28 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1be95b0b232926a8f3015e422dc7d26a
9d9c8a27b6a0a5fceaf3a36da19296e9822b4b2f
8351da32a7b86365880337290fee8d5d3c3bf9f6b0bdc7ae8c8991930c63dbae
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63617b6e-da1"
last-modified: Thu, 20 Apr 2023 01:30:33 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1175915
expires: Fri, 16 Jun 2023 01:30:44 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/choice_hplp_1600x700.jpg
104.110.27.78200 OK 88 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/choice_hplp_1600x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash a98a53b240b35df64bb921e26289fd76
c27edd23f5b20a10708c8fee5c4b433d225b5033
beca9798c76674608f5a42deeb1dbab79befd098300d31f3c14ae4b1459a9d9e
GET /assets/images/contextual/responsive/lpromo/choice_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "642c3da0-191db"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
content-length: 87914
content-type: image/avif
cache-control: private, no-transform, max-age=1175980
expires: Fri, 16 Jun 2023 01:31:49 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 463 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=1175936
expires: Fri, 16 Jun 2023 01:31:05 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 831 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=1175899
expires: Fri, 16 Jun 2023 01:30:28 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 405 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=1176188
expires: Fri, 16 Jun 2023 01:35:17 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=1175875
expires: Fri, 16 Jun 2023 01:30:04 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 962 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=1070727
expires: Wed, 14 Jun 2023 20:17:36 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1175747
expires: Fri, 16 Jun 2023 01:27:56 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1175883
expires: Fri, 16 Jun 2023 01:30:12 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=1175902
expires: Fri, 16 Jun 2023 01:30:31 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=1176121
expires: Fri, 16 Jun 2023 01:34:10 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=1175791
expires: Fri, 16 Jun 2023 01:28:40 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78200 OK 31 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=1175792
expires: Fri, 16 Jun 2023 01:28:41 GMT
date: Fri, 02 Jun 2023 10:52:09 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2144
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:1$_ss:1$_st:1685704928955$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 10:52:09 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xPq7RuY3c2q+EbRa2uYuyw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=xPq7RuY3c2q+EbRa2uYuyw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=DF14F97B4A8C9B1EE9599572B93DF0DA~-1~YAAQ4KDVF4IPuXiIAQAAMXu8ewlxEHEZ+zRUDpg8gwSUY2iwu1cXUA7ENQ19es0zM1P+ZIb1ZkRSPoddxqXXHXQ6m4Sy5e8sr2ZIQeHzePisN6bZY7jI0JEEz8AVZ01HnrL8LqQbVBPg2BaOEh/uMQzwq1lP1MZkvIRXzFFwhkB9PyoJGjG2vlpY6JpEm3TpyoukW2hvN78CLDMW6K54yhN0pLRG0BYt5KdY9+GZkL85yNjsAKhZKxCG7uBvaCf7be9rY/s+Muv0kNFr9+gSUtAbOQR+urxrjI2tu3bjgTe9oGOAB6lB9dcgjP2YfXiZdpug2ebQZ376VlpW4/mPLWpJrIfL0fjqO5nHpZZzeP69cSGOFt2C/URvh/v0wRjw~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:09 GMT; Max-Age=31536000; Secure
bm_sz=C98271D1A4F21D6917EDA27B17F0332E~YAAQ4KDVF4MPuXiIAQAAMXu8exMocjeurrjlQpYed+XTeLleMrCDCDM7QUChfcCihUKrz1tF3Sg1FDpn/ePtiTCGNmJEHU4Fi+3gt+AnOT+8tMVKDQs94IM9WJUtlKJdW1l9E4zPKf22IMB7ssgjbAqWmaGO1LcCxspj3amMmfM4iYb2BG8wVSYwPqOZzFaWdA3DrrTdXHM1YcsRKFeupN5x6MzFTaGiZfyL8iaBggBod60kqyrECd/elac1DMsYP0uOug0uSP8s3x9TLXMMsRB0QyDsYkjVKYM5ye6SnCf6cSaUJsMr~4604729~3486273; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:09 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9d9_kf182_7843-43414
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32200 OK 138 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Fri, 02 Jun 2023 10:52:09 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2fEj8k8%2fm+qS9wL7wkf9jZQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.24200 OK 571 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Hash 6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=5oZ%2f7s0x1JuS+8o17NbDCqLIUyZCyuWdpTRCkGYQEs4FDjptCe0ztWAtATI6Za9J; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:09 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=S6bX80KDAVBos31AtWRH8w%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26200 OK 14 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=0593D1o7IvphK8FAVFzSdA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
23.36.79.24200 OK 24 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af
GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=CQILO7p2acDPETtSgaAcLQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
23.36.79.24200 OK 39 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d
GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4YX%2fsWYih+opRuf%2fbfGD8A%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash b5a995ded9f42ccbd4d9089522692045
a95f75b9d6385bf1801d49d7f7d56db650aeb5e0
39f52d96bdfffb59dbae387278c30864ef014ab1a3b07b04f27879e79d99a6b4
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------34296976063594342111660118125
Content-Length: 169
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:1$_ss:1$_st:1685704928955$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:10 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yXMB+sMcTkMhkHC6CZcY3HEhGmKzggIL9SIZkaa3FBk%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
_abck=06E15CD6CE98AE6EFFE5C44B31508E3E~-1~YAAQ2qDVF15imDmIAQAAj328ewn0QGGB9zqQyiMmO+uZs675OGV4H86H+8dAgNVcrri46w/nAVDZ4orswMGmHdr42DbrLYUbbfd7MBcWyTMS09/ewZTIlXpJ0FD/m05cQrK+QkaHjDPS/gNPHp18DXnFVkMulRtYaTRqUuhdrF7Lhluj/rFphHVTHpwpQJjGqcQN67Fv+wKdt9hKJtUFMJ7lDL34Iv8QUhQ9lwrDozah4qdPdettH1P0d267il6j2sRtZ/1eO3HIu5b6yJIvYAL9RI/Lfpzk68+Q0LTBeAC9HlIy/2JK9BetFGttWwWWEmKcKsbVKJsZCYIJMosVizomQIm0U74PD5l5Sn+bNKlrQrJbw5DedeA2Lnu4ZJIi~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:10 GMT; Max-Age=31536000; Secure
bm_sz=3B2DD76CEBFB5E8867C4DC12844666A6~YAAQ2qDVF19imDmIAQAAkH28exPN80JB5J57VzOP9sTLwkrncttu57ETq2j00gsda93R02xqdgBEYjv8cowoXHrx51JngxUa+mR9vIN3wz3o+1NUFMYncLgSH8PDf+9I/8EJ+PMvENNdIZ88Zo0CgRuCZOjPHkAEp7iQFQbr7M8IbmFh/sCItP0DdPI03sCYGEYBL/1GqBELFyFGN0RxscMfPLb75/r2QDK1zoQ5ap4ddNnqnPYowFnfwzx4Ny2rlLXRBWzRlwjzV/9n3ujjxz4WYsQoQx+SPtmckXwbYiAuS65x/5ZL~3618627~3687474; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:10 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_7843-43432
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SdcM3qBssR6kmlXUuntRKg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jO3wt3zGJaq0OW6b9fgrlQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YFDPtSM+w1d3j%2f8QwWh0Iw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
23.36.79.24200 OK 3.8 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (7626), with no line terminators
Hash 376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20
GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Uw7VC5X7OkcR+SMbWQZZmf63CISW3%2fjero%2fziS9GvHlLF0yjBPKXRgXfla+hjLIJ; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Content-Type: text/plain;charset=UTF-8
Content-Length: 2551
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 10:52:10 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=f565N3Z%2f%2fNPrRTo7M4VqGw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=f565N3Z%2f%2fNPrRTo7M4VqGw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=602331AD2F3FB9EA79F56F95A8F925E9~-1~YAAQ4KDVF48PuXiIAQAAM368ewl+t00N/Iw/8NPwQPSXZ0a/LWXtCSz85GipvnJORJ6ycUVIp8czdLKPwLoRYrA2NvHUVc6CUVGWXUTs3dPly6OU46GY45B6RLwHdEn4miTTd8MTV/rnd5Mfog1RV2GBKA5tiS+F4sc959/soEOmVayYYwZPutQK7qU1igIRidPyReRoqfsvyWYm3sbBb/ku0fK9kpo3YN88TtYSgGGtduQjAC6GKiz58XYegID1d/uB1EpfsSTgTbsMjLEnPKLK9N82sogrhjd8J6cVykfGclMzX5Lften19vcp7Dbr9An8kBr4PT4ZiuFxJrKzY0QIGzy/58sh0zVWF2IMsW4WYkZgjrmtzzDccy2ZSaVU~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:10 GMT; Max-Age=31536000; Secure
bm_sz=B4A08F6A768BFB502ABCE6CAC2EE7AF8~YAAQ4KDVF5APuXiIAQAAM368exOCPoU4efv/i3EIXrX5UFXfE5Wv2t/2AVw8sJ8FYkcGxg6ndXIPVx4DOpDW53gA94r+ORYT162ZavzVCNXVlVNu1zIKGt5VTwQlpLjEfMls/qNmhHfUVCE/ldKj13f139EXfCeQ5Ci3xx6W5BTnf4+LQ6WzmrAco/kgoXAw2mRH2Xbrkc2CMAmumAPl47HF3r/bAXexFLXCaxcVgxbF5kDtRgixYOXG3G/rwZRcYmk2MJb05cCPQ/hcFgrSoJtNWEtfEASNzmCIxfA8BNwDkEHg0kH9~3618627~3687474; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:10 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_7843-43455
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=d41f2929-9724-4455-b5f1-099c6e227072%3A0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pv=2&f_cls_s=true
23.36.79.9200 OK 1.1 kB URL GET HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=d41f2929-9724-4455-b5f1-099c6e227072%3A0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pv=2&f_cls_s=true
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash c19ae58f95991a4435f603df69ed4e72
1870f31fc1880fee0ff449617bddf79725a09321
29212b62de9154d5b89ae02eec1be138705f8a85c8fe72aea096587d20d23441
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=d41f2929-9724-4455-b5f1-099c6e227072%3A0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1143
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!/AtvLZkjeE2voHnpnNE5eVRfS7HzY+gFCaFmEukJUWFKagal93Fe/Fc2i/OtcsO8Ulb4uu0o9s/hdA==; path=/; Httponly; Secure
DCID=73oC9GrNF37GMZOu873C6ngy%2fNujw+Og15qu7ZTkCouxpcADu+eVfj9yP9M0cYbu; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=e+DR24+Js0wkhPh0pCF4HQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32200 OK 20 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vRNJAl2pDliLhVIVWBjsUw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32200 OK 14 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cvEqVJKZWvIQ+43ubHNSZA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130340&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130340&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130340&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:10 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=I2vBoQbW187a6+vwuwMYw2eWnmnTNYudlwuR7LWHviE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_7843-43456
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
23.36.79.24200 OK 308 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 308 kB (307653 bytes)
Hash c85014374233a557bb0c3371506bb5a0
aeb987debdb406b79606440a165a027770ee03c7
79c53c9a2acedfe344e6246a510b6c7a687fb868006a15f7afd5886a1b88abf1
GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ZupxN8hdPzBGZ3de%2feEvsmdhaB3LcrCYMbPkiUhzHF4%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=WncP3qhYfSjaddJUC5o0c+pfmqXy3XZC8H6toIhr6rg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_7865-33050
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130473&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130473&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130473&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=kZ+jOy5VauMhNdRCXlsww7k9dlknnshuMj8fCvK3IQ8%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_7810-10691
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130462&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130462&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130462&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Sn2f6SPHEUB1iBUN4nXwTZ6g4GW+pjvtc7rP%2fTIS3oY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_7891-29418
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32200 OK 1.3 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 02 Jun 2023 10:52:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SehbZsvNreSLDB1ED0IkPA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130455&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130455&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130455&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=1HDxhBn77+eJ9+yj4+F1fRd5gtFy8IfmoiKQ%2fiklRAjOPOm1Vij%2fCIi++Q6lwH64; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9da_kf182_8210-12141
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130477&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130477&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130477&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=3qavJhbD2%2fdJGQ5l9R4cjBSrWNoHAVx1Od9ebwXI1G0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_8210-12144
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130482&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130482&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130482&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=JAHh%2fB39UTupeSkfJ8jKgcFKZl6b7B5EebKCgg2iO3CW8XgCebsr%2fRBMLg8tjTo7; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7843-43463
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=1&cfg&pv=2&aid=
23.36.79.9200 OK 1.1 kB URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=1&cfg&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash c19ae58f95991a4435f603df69ed4e72
1870f31fc1880fee0ff449617bddf79725a09321
29212b62de9154d5b89ae02eec1be138705f8a85c8fe72aea096587d20d23441
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2802
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1143
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:52:11 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!BpeFbfw+71rJcerpnNE5eVRfS7HzY+REY0YVkvFurK3C6IaEQC4CcB0Vv9VtlauCvn75/0aBKnzvrQ==; path=/; Httponly; Secure
DCID=AAG3HWUDfwEi42SvZTQfR8sHuWlgzZpA+krlg7WLxmjSCaL9Q8M5cvETzL1cYXKT; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130485&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130485&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130485&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=D0hZmAlqgyfZjjxZMkOLduLErufxb67DV4CHkdB8ObeEUPH8zXXzVTkLyvyUZ9L0; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7865-33054
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Fn3dw01KF81y9icliG84JegMvoEhSoEGHt5TEtps+%2fbaCv4jZlloF5QcOSSWzZSO; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7810-10696
ort.wellsfargo.com/securereporting/reporting/v1/csp
23.36.79.17 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 80ed5d1d-d419-4624-5cee-91284eb49a0d
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jun 2023 10:52:11 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:2d7d1551-05ed-43e5-bfea-4850d0f40984; Max-Age=30; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:2d7d1551-05ed-43e5-bfea-4850d0f40984|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:1; Max-Age=30; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:1|d:2; Max-Age=30; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure
DCID=Snc0mh2xxeXLWHbQEr2DZGy4gxO2%2f4tiz9peMYQ5gxwaZ3npwUznjgiu6cKCyTSw; Domain=ort.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
_abck=D364C824F0DA28D0374C898D1D4860C5~-1~YAAQDU8kF9UczGyIAQAA74C8ewnafyzR+AupQ/ObYz0qtYARZ7pDVVWcAaMmIatUoC9hgqCG84veceKhSwRDQKcly+/L6w6q6NbeYXYjDvGWeu70LRPFfdWGNdsAkNuokRWbkmtREZ7uhe0z8Feban5IYhpTqG7SBE/Fm50PshqLv6OsEQUjtQ5rHBuxSTdFaRI+BRkNo+ElpxuLxD41WOcBUaqBwiqjttSlBS0ZhndqoEF8BjNMefZkLA3/4YBzmidUVwl8BfARAHB87WZN//78agAbE8otfRH6OogLjPEBhc80kq0vPhblGs0zLpTvoIPmvDd5wX5w1c3V6lhXOEVzNHH9/t8/lQxrfmAvbgQ4K47e15QPp1DFuhpfvfAd~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Max-Age=31536000; Secure
bm_sz=B225EB1AA8A7F74C0B9424A58BE22D74~YAAQDU8kF9YczGyIAQAA74C8exO9jPAgUbzZixonibuv27WnMjcGYJPxsFmYUiDGcl0HqtLSxL0Vhrer5lOPV0/Htlt2+T4ZBJSmMfn3AfPb2IlEf29m/9xgIuHvz1cguk3lyCbM0XImmaWFtMt0r2zXljyIi0gA+u+/gqVKsKYUylSEAc0WJMyA1VtDq/PNTz9TFLYIWAREm4geSiJdbI9U6B3uMJ3EJ7S9D1OER4O/k2gB2bqVtxCOud+TX8y4ifbnxBsbAb5OHfEWQcilO65w4tztc9yWgz/GGcpLoPklZdcniw+J~3618357~3424820; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:11 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130499&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130499&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130499&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=iqlVQbCFQbXF1ivE+uGbzJNTjKTl%2f%2f8saUBmUqy2Dx8%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_8210-12146
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130507&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130507&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130507&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=zXdcDOKK2etN4q1P1hze9hBF3gppi2b7F8vI2+ucUbk5FS4CK4jOBoozykdkI0RG; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7843-43468
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
23.36.79.24200 OK 312 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type gzip compressed data, max compression, from Unix\012- data
Size 312 kB (312228 bytes)
Hash 4cb24149d00076e7658706adcc8f0941
dbb0d193bf21e4ca06a15e94663c58f0fa0b52e5
4aba2794c6bf90b4e07211e9b455724a59d394ff0e7c243e3ed41a952750bd62
GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=V6uOx3zAkME8NwvyYlKJaRaVw%2fv4EpupKmXxWpcdyss%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.24200 OK 151 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (150672 bytes)
Hash 28c02cc5a2affa1774e1936092fab4b9
1e23a4f7fd4be7d1c0219b50a5fdd6e22a3bec9f
d652f8edf259219a6743af7e6edcf0e8462a8c377b1e0bcd29e3a29f7a22a80e
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:52:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=AzF9vHuIAQAA29gSYIWfWZkoTVruLCcd6hbAL1a6hCGz_sRBzhiURIBqzWX6AVtaKpqcuNk0wH8AADQwAAAAAA|1|0|091550aae32f9598efbd07489e42d711a259e242; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=Yb9PRN0pu36xo6nYnaDabtO6S8Z4lDNldGCTRWsHtNc%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 945 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2361), with no line terminators
Hash b537ebec530472e2e7dd03ab0bf3c225
b856cd83533e4b34eddd3e884a988919365bee80
d1fbf443a6c436714878a5306dd39d1f5e7ad63f429b6776eb3387ef4b029a9d
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 945
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-46fbfe22-2a37-4e07-8ab5-21f74c58bf37' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:114; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:136c479c-3786-462b-bb35-42db9d1712c6; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:136c479c-3786-462b-bb35-42db9d1712c6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:25; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=984648758C201FB147372E6A0FFE49FE; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020352112101316097; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:52:11 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!pU/ZGHe7kh77bIQGl7IZxfIs0wroUcEvxDl9hSsdPqVyoFMCOZ8sSnCYv6OPY1sF2iX6er1le0E+kZA=; path=/; Httponly; Secure
DCID=WjGDk3k6zGt+6RfwHB3wSOm5PduOczM+wWyiQ5yOoso%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
_abck=FFFAABC23157F0580638D56FCE16DC53~-1~YAAQ2qDVF2JimDmIAQAAu4G8ewmMr95r0KiITrmnBy4JPzUMUoJ+ptEksIoNy9/O+o/RuVHDeLQBR4mtbovFcrG8LbxPJaeBT7nThFd0vWlm70L1c6fbtocBXSZdj2J9Xg/32JaX1YxwhfgVDQ2VPI/inV4fSPRwMaVSH9SlFTQcS/vGiBJEWnpQhlyON1NnH8RngXnxnMUT9FBu1ggu4kVnoghe/QM4bdP+UZBG3DlSVsEl5kkNkX3Y8pghn8PSuoqb0PIcIslD1zTtJjtOvqLov2RJuB+vMdQzgXt8vWpqL+Jz1j+/g1leaGvGGcz3ui3//TSo84000kn9B58izBy6O2T7Tq/MMzg2twVOibphfiV83zIuHvRJwAl4ewdO~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Max-Age=31536000; Secure
bm_sz=E2DEF9218EC89B043C7719817C0C6B92~YAAQ2qDVF2NimDmIAQAAu4G8exPOQQdBHK/tOEixHcA7dFLtOqsUSidEpsQqwRKJC7vgH2r7L+8RPVrzLj9uWtapKSqzpMVkWG8DSY06Oyma/k1S8dmDPRLCyoCQCZCTAJybuyUy9E26rvIGWJYFWNfKNFjBbkWMe8yq3UTHd51MsiktdBl3iOeBqZwO+sOD2KhlL7F41G8gcLIfkLp5SZZXk4INBC1lSJ/qtkZVK8Q+GkjTOOl9GnfHaXlWxZP5TJIXasQ4D45UU/qxglWKJ31WBvZNnG/wYbCfa+hbR0DMJjZ2KpvK~3556152~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:11 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7810-10700
www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 969 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash a5380ac72e2e19b2b1fa4dd23e83a246
bbaba368fb02127a767282cd70eb55af795fcdad
4983b72310c083211d0364f9df560af8767df03913ce7fe26b63fffc73dbb49e
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-9f0b8766-48d1-470c-9cd0-a762b5ae5333' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:114; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1ef5a035-0ebd-4e49-960b-b8bb2d5885ad; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1ef5a035-0ebd-4e49-960b-b8bb2d5885ad|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:56; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=BA668F14B36FBE6CAE06007AA4D76817; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230602035211765738356; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:52:11 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!g9LVLmROAOn2uLoMntjHYqEj2JIOPFjYSoS7vHpWItW3kB7ZthFjYMlEavK07YLCv087BHGVgLcK9+M=; path=/; Httponly; Secure
DCID=5zei6brn6Oy0mG+MlmvZAH7Y3WC2IqCDdaXHyPBFypjwUBKFWwz%2fbt2iQWAn6Qgv; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
_abck=F727E86E8B65F1A017AD368B72E4DA66~-1~YAAQ4KDVF6sPuXiIAQAAv4G8ewkVDSLBiw2+VoZf9vkb5XgiFC6KgcESm2zFB9jidaVdjwb9og0/+vkM+L4z9gaa8UEiyr9gexH1j7agOG1nuIpsaOwqVx7a5S55R/1NWiqDf/J0+B7EqDEaG525scaQ/fEPycYdZIRWibUsJQ6O3OB9XM64tBP+rhmY49uXvaFcefqXntS06aUs1Mt8zNHVFb3PE7qktKoVTHlY9ISZ021S5muRiwJwqYRkIKB4JLWKNZJDE+51Pmb4xdzfjxyVNkR5FsEqEtaRBpPiArd45K3hB/rp5kxhcZcpPAuzs6K6bwKvqxawKOMmrgEWnaYRi1WeB3RYasMnseJtq9/ahm9TiL2sWhZM63ATEUh2~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Max-Age=31536000; Secure
bm_sz=A683D8F39E8AA62EB06782AF08396A45~YAAQ4KDVF6wPuXiIAQAAv4G8exOXRIi+3N77I5K6l2ucoPBhqWS8xf3sjSGrJuKDAqIeZ3h1vQrrrfXBpF94vq49pC/qj0ydudmMkFepf9JL2yRTMDGiHw89LAWd9yM99H5P/GVACKGxFw7wNiDOPdzecwJXe1TN+3D8IOS4IgJPprJ0CGqkiTsW8CnwSjFfk6zbzGtc8ULFRpstjh8F3HqPnIiVAO3B//ZXrCpY2l3zxhm66o/RNQHfY65Gn+hoyXKXKLmNf2hfNAyZLVj8bhh9KnumsmfL9f49J0Hg4VTKnuG4hf+J~3556152~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:11 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7865-33056
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130503&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130503&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130503&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qWZGpmsLU1I+BaMoMBFSWXdWVYA13rSXWTaQjC7YR2o%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_8210-12149
www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 968 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2436), with no line terminators
Hash dcb64233c1330111409d6fb26e706c63
053ee06f71a8579c8a08cdad03c7cdb4b371188e
23bd1a085133ba646733cf91c5b080b9abd1ab8495688ab800a2329dcc728ed3
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-eb3638ee-0a46-480f-984d-7c8dcd5ce699' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:114; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:8949b3d4-8ba6-486c-b98b-0624cd4f221e; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:8949b3d4-8ba6-486c-b98b-0624cd4f221e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:20; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=F83FC7FB573F533012B87FF3DED9BF61; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020352111845188992; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:52:11 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!F00Pw+D42wd+e2IGl7IZxfIs0wroUZhTn2zP2OzJ1WztzSGIMPsiX2tfznYKmge+yIoFbFs5fVK6EZE=; path=/; Httponly; Secure
DCID=2oN%2frdD2o5pYe6w06jENkR04nIGvQqjJwLZvp2xYOko%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
_abck=27C37CD0E9B428C7600938F16CD07229~-1~YAAQ4KDVF7APuXiIAQAAHIK8ewkO/3nuMW/cmzRcXPiTbWg32yKAgq1jq/sa0E+45Rrp1F/fJqSJH+POrxu1h0nJNel+jNtkFK0rUX9rJiz0p12tId3jDfFHypArB6INSRs4KhtrITb+uFkXuYdI1O2YpsqZ2Wz4yJq3nWW5F8KZ6doPD8bxK4rsLP/tCG2DFBr7P31AwCs0VMxLkg4dLHH41X9JElZ9GUtnsSerfNKdrNL3McCX8y/pF2E069vwrQnCvZVo9/7msbJHXCooyGngZXpsVTHq0EFl1eEOz06kW7jAiAKfRFjBQ8vZcSkAI/9fCyLKY5u4slUXIZqn74lzzXHBXabUnfdVg5qUy/hsWpH2rAI0gt9kzIB7f5ql~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Max-Age=31536000; Secure
bm_sz=F402E78BB60C02075B19183EB412E8BF~YAAQ4KDVF7EPuXiIAQAAHIK8exO6g0Olm2av+YWi4W20leDS7RW40+EKRNh8GoxIwyAVkb0ZgS8TrVBs/76kO6NAZPOHiZMRBd9n424Wr5AjAfpdpDEJNWGHC2dObJt6gk4nFmLkqI0RtFTKKBsEmd3gKu5loqI51h/KZbfYiLmq0YYTwHJL+6kcmo9MCgHe9k09IjC7wloAjmOGDnCKbYKsFMMjO4e9W+qNAoI5sLGqyCEYhLa4+h4Lh3jy2Xo/bSTYTPwGE7piyv0NX6UcZUJ2shRFDTEEFeo9wkhX7JNjqeKzg3zZ~3556152~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:11 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7843-43474
www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 972 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash df7da5c0b696acbf0fadd943aca3ff4e
1d1ee4e68f5d9f66eeaf4c05b7aac280d120b932
8fc9701dbeb8bc6a532ecb44353ce3eda000879d2d562d1c38cfba38e3e01961
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 266
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 972
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-6abf218e-723d-469c-929c-6a9c66f16ab3' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:114; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b5d76c52-4248-4a32-b384-ddf79768c067; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b5d76c52-4248-4a32-b384-ddf79768c067|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:84; Expires=Fri, 02 Jun 2023 10:52:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=56E0E774EFFF9F1583E8B3BD66DD85EE; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020352111346509680; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:52:11 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!2/XljrQhE2V3QkAGl7IZxfIs0wroUYt07SyTS+eI2Jm3S7cG37UNRIVLrzDCiboE+MWBlGaHgxtyxEo=; path=/; Httponly; Secure
DCID=oWbS1mkuwTGkvThQUTeqytOCs3varO5RBuOWVwCvv3w%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
_abck=CA85CBF4EF3D6F4BCED235DB7EA48AF9~-1~YAAQ2qDVF2RimDmIAQAARYK8ewmBEoNKobMf2xcLZL8bUu726yVXNlOzVZ3IO2Og/k5WPtNvKOxuEW9kL/vENjzKknXmJu8nlsmZkdSPihkvNxYAnSnCzf2dDwSf9m5sHOS00Tu9zZFsv8q0Xd8ignczWFuHKCTFT9zPDhPlaWCe80pfTgiKgUFKBRsqFx+aqINMt0xm+d7BKkwNPWJMuIGHx2QzW3xG1+rwXAFeHxzP3L5ZcrHDWdly5MaGy7lNnWi6ZYcB3vuOC5u+INDTUGX0kgToySLoLZtgX7LaYLNlr8QjGHVmSaH2pWC1P9+yt5uYQMMIOujz+qMdVGRqQt6DPUKYrdyZlZ3bTYF9OJxwxlgHdzGD7rgLO56HssaC~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:11 GMT; Max-Age=31536000; Secure
bm_sz=31C8D30237653CB1423F5E297B2FB4E2~YAAQ2qDVF2VimDmIAQAARYK8exMd6gm/fuAYTzzYCFuDdv3RVkK+QqLNXtDmtGU2I+631hlEqaaPDkmo/phaNscQkhz0SXi+RDq8a4pXmvSOYdRQNA9S3KyVBXC21LP7tHwIlgSj6l/1CtcIFqH/693Lco1VaX91HaqBnCFVfuhMyWCkt2pngHxgnj2HSyL6UZV54jIgj1kuhP5DYQ5yIlDII8kTlOz3xWoHT8O1dBj1OLkYRS3ReRVmDIyZ1rstmzMj8YFKooqvtib45gx1yCq4Uphe3munCnaEQ8ikE1ZsFHqIskL9~3556152~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:11 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_8210-12153
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.24200 OK 607 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 02 Jun 2023 10:52:11 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9tzWiN3E4W0N+qcd4sSFHZYh8AMvP5yMe+SzcDtWGto%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.7921751673464478
23.36.79.24200 OK 137 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.7921751673464478
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136585 bytes)
Hash c64d76eeff7fcec75f770e3a36b3ebc5
0b922c45bf154593e69a4324d364436aba42c38a
0815723d8b9d144d959fed2e43d3eedbdda619f4ca69bad208d85a7121dcb6c3
GET /AIDO/mint.js?dt=login&r=0.7921751673464478 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136585
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:52:12 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=OQLi+dEic+p3US7DjEpISdt8On0IknRRwuZpxaLqaPOZvWtYq6F2%2fc1k0z22POWe; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:12 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.24200 OK 37 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash d5f571075ac00eb9f9e774992770ffe2
607b4b2cc579ddccbc163d0c83be6a448c280fe7
1d16e583433e2ef71ff93cf3423b5263fb95fe5a5cd8f88f1d8c06b65cceb0bb
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37186
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:52:12 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=zIR7ErmRcRUSC%2f4rF9EXW0MrA0r0PYTlAwPARvrbvxYaUPArqBJv4ENPK8vNDrC2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
23.36.79.24200 OK 18 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2293)
Hash e9dbad27a6a74abca727ba3e412e9959
5a910aa83fc9a3a80db23230b8564a449202ce35
d7c753476558b8a72ad63685d927e7cd18807fced85394fcc9b4d5f40c5c3895
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17983
Date: Fri, 02 Jun 2023 10:52:12 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:2f114c59-50f8-41ac-9481-6bc709a0df9f; Expires=Fri, 02 Jun 2023 10:52:42 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:2f114c59-50f8-41ac-9481-6bc709a0df9f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:52:42 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 02 Jun 2023 10:52:42 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Fri, 02 Jun 2023 10:52:42 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:4; Expires=Fri, 02 Jun 2023 10:52:42 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=41h4W21vU%2fyq7bL5akEr%2fIfO2LKRVgOU47lRds34tDgeYgKfhtLez6FbvjzhS6%2fU; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:12 GMT;Httponly; Secure
_abck=51E1C8E11FFEB5FFF055D35F5C361556~-1~YAAQFE8kF2lQ32+IAQAAyYW8ewlPWZNL8fRGHd61i01bB8wHx/wvEz3Dk+52bmorJIdxFJxLLNiedF9Vf8RRyD2gg+rZSwtykeUOQnCQh1J7Pvp1S0PL+ebiX0sJPGg/vFwMyRPxdbapCaRoLBlJ93jXJhvvRQ1aSbcxF67xIl5GTRWI8jrtuzuNCBvipDMqjsv8EZvnX3ZV48QlRzFi0Q9u98JKpjqMeL9xhzpGmeH7yKpaz5Dpv2sFSS31Q5qcKSB4j6zyetLh7APFlqKuwwUgTEO2qXGFGKUED1FchOViQFTqboXvvPhASAyZGL/SyJDxqU8DWfpdOjKFERQjoNH1w+pk6CidT5t8nwvw74dzxUWtxhrlHTOs93ZGEiZT~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:12 GMT; Max-Age=31536000; Secure
bm_sz=68793440BFE88242AF512570A94180C1~YAAQFE8kF2pQ32+IAQAAyYW8exOU++8fZQ20lI3UNWxsRukIuBLatMz1u1KR8BHnZwI4feUVT3i84Ry0IkyNDqjFF7aMzmg+9aYZE8LDRHlFwTdafKRpWiOCgKMKmMctaSdaukWORAC5EBJ0rV073o2YOJqRKuMpE8efUKK73aq4tconb4E01qZsIlOEJ3SeA9fdsEaAs7w2fCIV9XFBHuNG41hAiHTQE4GP8xgzgH94xh/SfbwLueRXeYhFRxTJX0X+Bv5sson+cD12kpuGwumCretmneYt78dlwzXZ7Hx1jV2lWZvI~4538679~3420728; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:12 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 306c4b68a04a63238e456a7bc0e1d3cb
1db5a53e103fd9bcfee037cc65c88143fe04c61f
79c76b291904a0d64fff502949e07c2fe0f70344933e489b9938d578ce47a30f
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2044
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130; _ga=GA1.2.734689497.1685703131; _gid=GA1.2.1437754246.1685703131; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!2/XljrQhE2V3QkAGl7IZxfIs0wroUYt07SyTS+eI2Jm3S7cG37UNRIVLrzDCiboE+MWBlGaHgxtyxEo=; ADRUM_BTa=R:27|g:b5d76c52-4248-4a32-b384-ddf79768c067|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:84
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=B%2fqB5qoagHLGEmsi1xVjwb157v44f2ibBO7FYX+k50w%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:12 GMT;Httponly; Secure
_abck=3CCFA2C6A3B224D5D78AAD500CFC5E18~-1~YAAQ4KDVF8EPuXiIAQAAxoW8ewlXeOxS5rFNlfakbo1t4g+U76EiQmjP5pueYSWY3jl1NlSzLjep9kqKDaTN2tKn5Czvb3s2FdrPiBg6eJMbEWcWAywPCuHCu99zQSN10YOKfX/s0Wee1sRUapSjqefDQXHceAjQJpGz0EzP7kjtFGDXi782CgE6R+zI9uZNnSot1x5XFBXyD4K+m3bkyEOqCkKUgZAuufK3kOY+HSFVKZkxH5yuWNXpKdEI/xnQ6IRIagECZw2aF0BFenUNBdhKznURN7cV0wv/7veDX7mzzpCWyZCQ+o5rqv1lLp5tvtlP2SbH8/A5TBJGB9G4UxSwUQehwq0nVu/Bc6s3suDiEwaL1gjmmKCss4ZdR6gy~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:12 GMT; Max-Age=31536000; Secure
bm_sz=0850E763A83B05CAC6CFCA002ED32BAD~YAAQ4KDVF8IPuXiIAQAAxoW8exPvOMoQIcTnwyf26OL53n3R+9/dpMz39w1CUSJuPvl/M2moEWFrgyCYSZoEd6ZhJwpI79F+63MePCiSfuaZzo7zimV1QBnh6BN/I93aFFLu5zen5iPJyKBAOoZdAiBbIQ61AxSNpbeDgk6hs94HmiKMS1h3piOy7UAsMOcxHVpBHK2TkkvIFquM9yYauMLzkWzKVpfhmWlcndwoF00j4jgwWrwZfQz0TGj2WhyVmpN8LgR/DNxlMkISqdkN1sjqauNWyWSADVQrbSv3fGoXtcsQpKup~4337729~3421508; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:12 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9dc_kf182_7843-43505
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.5835821971705266
23.36.79.24200 OK 52 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.5835821971705266
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash c45db42c41e6f9cfafd5de9f472ce921
fbf06ed87204e86bf317d850e4fb8d7f72cc58ef
efd6b04d5b2ad971741ce732202cce002e9e5b70aba76213655f3d5ec10c0be1
GET /PIDO/pic.js?r=0.5835821971705266 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 52526
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:52:12 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=lihgu8NXwk8ZVgWSmnUn8xoxqMwN6KN0%2fgiulZoeNYg%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:12 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
52.27.22.254200 OK 90 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5ef18eebe4541d695afd6edb36777219
8b620e0d205a33698ff9b78afb12aa862a0c7fbc
f409087b2d61834529cef9ce870abd4d7ec1fc6326d10d6abfff9b1cf6037c78
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11128
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:52:12 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:9d4cd2e8-7a87-4384-bf79-69e341a8dea6; Path=/; Expires=Fri, 02-Jun-2023 10:52:42 GMT; Max-Age=30
ADRUM_BTa=R:55|g:9d4cd2e8-7a87-4384-bf79-69e341a8dea6|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 10:52:42 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 10:52:42 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 10:52:42 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:9; Path=/; Expires=Fri, 02-Jun-2023 10:52:42 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.132.220200 OK 265 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 09bd788b8004d6ac2c015506f681f876
470cb2a655c3a4ee6499ba4346cac7fd36377a83
e8eacedcec054f7e40cbe0c29efa80d6d67e9a6dc1976495750065687373a4bb
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 852
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%2C%22diA%22%3A%22AdzJeWQAAAAAO4DFSA5pmfioaETdC5B3%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A10000%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130; _ga=GA1.2.734689497.1685703131; _gid=GA1.2.1437754246.1685703131; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!2/XljrQhE2V3QkAGl7IZxfIs0wroUYt07SyTS+eI2Jm3S7cG37UNRIVLrzDCiboE+MWBlGaHgxtyxEo=; ADRUM_BTa=R:27|g:b5d76c52-4248-4a32-b384-ddf79768c067|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:84; LSESSIONID=eyJpIjoiRWFUYTh4aWFDUlRKaWdGUWdHR3d1dz09IiwiZSI6IlM4dkF6RnFKZ2xsaVB3U2xoa1FhRjBUMkVva0QwbHR6VHVHXC9hNXR0UXU2UU5ySWhLVjdWMjg0U0dhNVQ2a0dkK1VuQUhCc1FBdHEyTlRNNjd5ODE3dTlkM3doTEJ5V0NEeFNWVHJuV2RmT3FicllsdksybnJyM1Y1QUgwSTExajg5allBdm01ZDdvRk43ekpMZHBObGc9PSJ9.8b59f3fa1c713a2f.MjE0YjliZTMxMmY1YzBiNTFlYTc3ZjY4YTBiNDAwNzdkMjllYzZlYzQwYjE1Yzg5ZGMxYWZjOWVmOTJmYjhhNQ%3D%3D; _imp_di_pc_=AdzJeWQAAAAAO4DFSA5pmfioaETdC5B3; ndsid=ndsammerf6jx26lieg4dc5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:13 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=njqJS4MZ7KPRbWRrAY8ofjiHKDOKtbopQv9g%2fiVFKww%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:13 GMT;Httponly; Secure
_abck=947DDC2F0BBCD8BCD31C3770289A1784~-1~YAAQ2qDVF2pimDmIAQAADYq8ewkeeDeV9ioj+hA4r8h7CL3lGQ0Zniv070Xfu6DEpaseJoHcJUTGiyqitWcEfB1Gwgtr96eQIWZrK392U4UPCco3JYtcT9OZDzSHc3XZAriEt4e3S1OBtpbc8eDL6mlmbHQ+SBL5YvucRKRr5x18v7/0ZaoXauIfqW5iO8jM0iNVGID3D4W/9rUbm7Cywg3FPAUApkHS+FcMELABZ0D+nWjbKx3S+XpwcHaks9/Su6PXm+vL92xomADVsoYjLXjcD0rhCaOMEJ+ypg/sOMOq1geRpfhR90zf1k6VfiHbDI4OWhpB4cJ305FCOa0JO0VLxlCH+ezRv8Qv5Wt4hof/klwAQuWWlKupKk2NxYcC~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:13 GMT; Max-Age=31536000; Secure
bm_sz=33EFBA85D790851EEC2FB1B51843E6D3~YAAQ2qDVF2timDmIAQAADYq8exNRxoWyb4UJbPYzZBTP9h7EOaKKir4gYQ1K0neOodTmA6fm3Kz0mLGGtc1OfmYuC5qe4EDO+7klH90qkUNHmTwSnOS/c72k306hHyasqtGIMPAut7yH6q3knWkjEQGokjp6MmCCjx6T6qjE9SWTShyXkjuYv2RcRYbMbSmxVIVnXV2VYeDWVBpqjIyxbdA/bCg0ycr259e6bN9qcK8sqh0qTTBAL9IpF6iPgtFiIh14dcG4jlnUWWs8thtKlfQf3YhC2FPqy1XwUQ/JuSWVGyiSyjOh~3420229~3420982; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:13 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9dd_kf182_7843-43578
www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.132.220200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZzyrPXR%2FLnmsKmX7%2B%22%2C%22diA%22%3A%22AdzJeWQAAAAAO4DFSA5pmfioaETdC5B3%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%229OK62M9NSpyOty5gPotMVg%3D%3DdimhYW71wNNNOVPrq2uzreLfMt6g0Q05m2zVPp1RYUmJSxPz8utxMrM8anniup1_w2J29HySJJVe3Bo4H0W78wGlpsXDg67N-nt08BKMvAemdm1Gltbhq16bO4TBY98W1YPuMAIMkPAW8nBeIplfKQgSSAADSV9Je9dX5Vl-ou9gSR2GtiuxnCil%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAvaf7x6m1HgC8Ug%3D%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130; _ga=GA1.2.734689497.1685703131; _gid=GA1.2.1437754246.1685703131; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!2/XljrQhE2V3QkAGl7IZxfIs0wroUYt07SyTS+eI2Jm3S7cG37UNRIVLrzDCiboE+MWBlGaHgxtyxEo=; ADRUM_BTa=R:27|g:b5d76c52-4248-4a32-b384-ddf79768c067|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:84; LSESSIONID=eyJpIjoiRWFUYTh4aWFDUlRKaWdGUWdHR3d1dz09IiwiZSI6IlM4dkF6RnFKZ2xsaVB3U2xoa1FhRjBUMkVva0QwbHR6VHVHXC9hNXR0UXU2UU5ySWhLVjdWMjg0U0dhNVQ2a0dkK1VuQUhCc1FBdHEyTlRNNjd5ODE3dTlkM3doTEJ5V0NEeFNWVHJuV2RmT3FicllsdksybnJyM1Y1QUgwSTExajg5allBdm01ZDdvRk43ekpMZHBObGc9PSJ9.8b59f3fa1c713a2f.MjE0YjliZTMxMmY1YzBiNTFlYTc3ZjY4YTBiNDAwNzdkMjllYzZlYzQwYjE1Yzg5ZGMxYWZjOWVmOTJmYjhhNQ%3D%3D; _imp_di_pc_=AdzJeWQAAAAAO4DFSA5pmfioaETdC5B3; ndsid=ndsammerf6jx26lieg4dc5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:20 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Y5Mm19Z0z280%2f9S0H8KOLeh1Xe+ZzU09kD+dFQhJpv8%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:20 GMT;Httponly; Secure
_abck=C58477E5FBB4E787C2FAE5E61BEDAEF7~-1~YAAQ2qDVF3ximDmIAQAAMKS8ewl8h0iGGYYJhxMQoqOeFjo7hQ+LC+M7bTbap3ckZtv44d+uGXXXbFz2tSJEjSMnkDrsDLwakDjzzYs13YUSMAAEILyJZMWOQaOdy5LVy9Uqywkiwm4zbVX0gLA1wP5YIBdUqnGREhOb2sKJOHN1FDsIoob9gfrMPq19KCX6O6TNvoDcJznaTO1FYwEgW7gQY6GMElyR4Lmx47EGUDHD1HlSKI1xW08hV+UyOu51p7pVQPzuTd74kPHL6fAnc5rS5qNyKGSHgOoWcq+jdjGAe108YmxbFaCmv931YXgukvlZihs39MJHW4Ss8uTN51cYxkizBmU+gde+Q8GCqiZzsiVIQVHn2uH/u9h19xyZ~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:20 GMT; Max-Age=31536000; Secure
bm_sz=E21BED558F467969FD3A28134669C532~YAAQ2qDVF31imDmIAQAAMKS8exPMxKo0o54KyspEcampA9gjGdu0u2UHikORfJJjJpMwjK5zXnUhnYbGpx56ti14TMTWVaVmEQ/Mp4iiIxaEbpRHrUu3smG4YQE1h3mDmv2X1sPGx8wWRaUyhw2sdfgCABqxoU/cM21Zg5xCEQ3F6NY4axMxL7ltsq4dCNZYKT1eLArUrBfECpmPtXIfuwrpUIyrhT9XmNo1QMZGZfspEqUkmx1pIRBcdtq3hUYlRSxHxGZJ0fGMAqHOkls/+dvo9Qt6NFaHAZTHpEAqqG81nlUNUczi~3490881~4342597; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:20 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9e4_kf182_7843-43788
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=2&cfg=32a3f9ce&pv=2&aid=
23.36.79.9200 OK 165 B URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=2&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 97622550fafd5a694ce32e6539752162
aa1f5864768112595a02b7dc2566e6c655caa15e
779322e27ae49ea07687a68518bf2001eca95803a741cf273062ee3dbddc901a
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34125
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 165
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:52:21 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!CAQLO2u2UhUsmqgq/D2JHXmrrcNtC6Q8TeRW2JsibMHk/qtD8sARb5JfnA0misWfnbBfncwQetKoaA==; path=/; Httponly; Secure
DCID=f3LRwCXhMybkeRCL2n0o9ROc3+qJGYCjFu0GQpKnUhqVeALLoqbBOZJSupDf9yDW; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:21 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=3&cfg=32a3f9ce&pv=2&aid=
23.36.79.9200 OK 165 B URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=3&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 97622550fafd5a694ce32e6539752162
aa1f5864768112595a02b7dc2566e6c655caa15e
779322e27ae49ea07687a68518bf2001eca95803a741cf273062ee3dbddc901a
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0&_cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378&pid=bc9c56b2-0613-46c7-bbe1-3d0e070a3c57&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 51453
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 165
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:52:21 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!yKmFfZQwQrpZHpvpnNE5eVRfS7HzYz1lGHZD+xHtb8WjF9aQ/jV5Zn2TfU/iwQa5O7inJB/tdvVP0Q==; path=/; Httponly; Secure
DCID=LF%2fwNgso83FcuPBRTF7shB692XU6UES0LMvlbdgwX8wQrFeVHa7x4RPp08McZeHW; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:21 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
23.36.79.24200 OK 1.6 MB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Size 1.6 MB (1572812 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
X-Cnection: close
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:52:10 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=EMamlEAjiAbcrUIMhm9mnCy7SfGYnIEXlC7EeYMsnoqqa9PlvBe4t5hvNxXESCEv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:10 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
52.27.22.254200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:52:11 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
52.27.22.254200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:52:11 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--2449329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F&cb=1685703130494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--2449329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!LPt8g9G0bELQNelnfhFjdbQk89YdznNN0t8Kqcgu8szX2fJi+Bp0y5p7elUSGv+G45rSqtfRcK/SONU=; ADRUM_BTa=R:27|g:0ab82985-93c3-475d-b5f4-1644ae76ea60|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:114; utag_main=v_id:01887bbc777b000adfaf7d228c2c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704930171$ses_id:1685703128955%3Bexp-session$_pn:1%3Bexp-session; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C29003968767081097468100894450337948515%7CMCOPTOUT-1685710330s%7CNONE%7CvVersion%7C5.2.0; dti_apg=%7B%22_rt%22%3A%22DTY2JO97iQ7F8CmqqCyI4oYHY8uQ2nrz8lQ3%2BQOAj5Q%3D%22%2C%22c%22%3A%22TDJ6c1RSc3A0ZzdvUFE0dA%3D%3Dva1jpAJddj_WiqAAwU9g7uAnyuI1qR93hoSdpKQgXloJ6wXBCc7XN4mY7p7JDtsln5jmZ36TSdZ2tZ8cYJl4spGK7G8GO5-f8_k%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2FW7xZ%22%7D; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=f2c02436-2eb7-41b3-9bd7-f86ef8e87378; _cls_s=d41f2929-9724-4455-b5f1-099c6e227072:0; _gcl_au=1.1.1978183931.1685703130
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:52:11 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:52:11 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Rl4BGrDh5dxp2s2Cfo%2f4V78viEF1okDoA9mfq4U0BsdAXnw8DUf21TpMLWTo0w2P; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9db_kf182_7891-29422
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBpZG5PbXpxbjI4bzVXNU85K25obUFZVk01TFV6Q0ZlSGpUZy9sWklWQllyQlh1Z2FHQW96dFN2YkZQcHBLSWk4dDBwdEpQSU4xNktGblkyeWkydm1HL3lPeThHcnQybmc3ZUlXamV2dmdlRmI1OWpvb3FJeTNsdGE0bGRvV0RPcmc5RGlMT2dBbXpqbVZIcW1jWVpKQmhuTFB2YlkwR2ZOWitnN2RSbHdkdHVOZjEwbE4zVTVhNVBpYlRkVnY5TFJmeTFJYkt1bmFsMlArS29lMkhpL0kzU050VG9pSFdONzBWdVFvUTRUd2VnTWpmcHhhb0ZZQ0NGb3pWUHR3WGJDV054RU1yTU91bk9ZT3NWR3I5eEp4NThYNzBnTFl1clZIbDg4cEE0PXwwYjlkMzg1YWQwZTgwMGQzMjg4MTczNzQ4MzBiYWQ1NTNhZDI4MDAyNGU2MmFiYjczZGFmMmU3YjBkMjgyZTM3Y2MzYjlmOWM1Y2M0YjQ4NjU4ZmUyOTMzOTExMjE4ZmU1NWNjODBiMWRkMTU3NzhkYzczMTk2ZmMyMzhjYjdiYjM0NDBkMzIyNGRkYjljMGE4YzhhNzRiMjY0ZTUyMmNiNDU2YTlhZGJlMTNhNTg3YzhhY2U4MGYzMDg1NWNmN2ExYTBkNjI2YTQwZjVhZTIzZDU4NjkxMjIyZjcxNjI5YmRjNzEwZTA2ZGQ1Yzc4MmFjNDY5Y2NkM2Y4ODRlMzc3NzE4MTE2OWY0NmRlZGY3ZDBiOTk3MGQzNTZmYjFiNmYwMjNjNjQ4MzhmNjJmMGJkNGRkNzg0YmI4NWExN2Q0YTQ3OWY3ZWVhOTY4NTA5NGEwOGFkOTI0NWJlOTU5NmYzY2NkNTI4MWI5ZjJjYmQ3ZjU1NGI4YTkyMzJiM2FhYTE5Nzg1ZTkzZjM4YTA1ZDIxYWNlZTQ1N2FlODQ3YTcyMjMwNTE2YjYyNzUzMDZmYTQ2YjNiMTQ4MTIxY2ZiNjgwMjhlY2FlZDEwY2I1ODMwY2RlMTZiMjYyNjY2NGM1NWU1NDc4ZjVkNzUyYzI2NDhjMTNhN2RmOWU1ODdjYmE2YXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com&t=jsonp&c=_mymmoxvygllsnsu&eu=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F
23.36.79.24200 OK 90 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBpZG5PbXpxbjI4bzVXNU85K25obUFZVk01TFV6Q0ZlSGpUZy9sWklWQllyQlh1Z2FHQW96dFN2YkZQcHBLSWk4dDBwdEpQSU4xNktGblkyeWkydm1HL3lPeThHcnQybmc3ZUlXamV2dmdlRmI1OWpvb3FJeTNsdGE0bGRvV0RPcmc5RGlMT2dBbXpqbVZIcW1jWVpKQmhuTFB2YlkwR2ZOWitnN2RSbHdkdHVOZjEwbE4zVTVhNVBpYlRkVnY5TFJmeTFJYkt1bmFsMlArS29lMkhpL0kzU050VG9pSFdONzBWdVFvUTRUd2VnTWpmcHhhb0ZZQ0NGb3pWUHR3WGJDV054RU1yTU91bk9ZT3NWR3I5eEp4NThYNzBnTFl1clZIbDg4cEE0PXwwYjlkMzg1YWQwZTgwMGQzMjg4MTczNzQ4MzBiYWQ1NTNhZDI4MDAyNGU2MmFiYjczZGFmMmU3YjBkMjgyZTM3Y2MzYjlmOWM1Y2M0YjQ4NjU4ZmUyOTMzOTExMjE4ZmU1NWNjODBiMWRkMTU3NzhkYzczMTk2ZmMyMzhjYjdiYjM0NDBkMzIyNGRkYjljMGE4YzhhNzRiMjY0ZTUyMmNiNDU2YTlhZGJlMTNhNTg3YzhhY2U4MGYzMDg1NWNmN2ExYTBkNjI2YTQwZjVhZTIzZDU4NjkxMjIyZjcxNjI5YmRjNzEwZTA2ZGQ1Yzc4MmFjNDY5Y2NkM2Y4ODRlMzc3NzE4MTE2OWY0NmRlZGY3ZDBiOTk3MGQzNTZmYjFiNmYwMjNjNjQ4MzhmNjJmMGJkNGRkNzg0YmI4NWExN2Q0YTQ3OWY3ZWVhOTY4NTA5NGEwOGFkOTI0NWJlOTU5NmYzY2NkNTI4MWI5ZjJjYmQ3ZjU1NGI4YTkyMzJiM2FhYTE5Nzg1ZTkzZjM4YTA1ZDIxYWNlZTQ1N2FlODQ3YTcyMjMwNTE2YjYyNzUzMDZmYTQ2YjNiMTQ4MTIxY2ZiNjgwMjhlY2FlZDEwY2I1ODMwY2RlMTZiMjYyNjY2NGM1NWU1NDc4ZjVkNzUyYzI2NDhjMTNhN2RmOWU1ODdjYmE2YXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com&t=jsonp&c=_mymmoxvygllsnsu&eu=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 5655f9decce47a5c7899771be86036a5
5b18e5ca5da8d183c0150ccef4cf660cf6fb1e6f
f78d39efa3b137c6651cea774714ea006e0ad462c6cc3168b41a999a72c8b28d
GET /AIDO/vyHb?d=ZW5jZEBpZG5PbXpxbjI4bzVXNU85K25obUFZVk01TFV6Q0ZlSGpUZy9sWklWQllyQlh1Z2FHQW96dFN2YkZQcHBLSWk4dDBwdEpQSU4xNktGblkyeWkydm1HL3lPeThHcnQybmc3ZUlXamV2dmdlRmI1OWpvb3FJeTNsdGE0bGRvV0RPcmc5RGlMT2dBbXpqbVZIcW1jWVpKQmhuTFB2YlkwR2ZOWitnN2RSbHdkdHVOZjEwbE4zVTVhNVBpYlRkVnY5TFJmeTFJYkt1bmFsMlArS29lMkhpL0kzU050VG9pSFdONzBWdVFvUTRUd2VnTWpmcHhhb0ZZQ0NGb3pWUHR3WGJDV054RU1yTU91bk9ZT3NWR3I5eEp4NThYNzBnTFl1clZIbDg4cEE0PXwwYjlkMzg1YWQwZTgwMGQzMjg4MTczNzQ4MzBiYWQ1NTNhZDI4MDAyNGU2MmFiYjczZGFmMmU3YjBkMjgyZTM3Y2MzYjlmOWM1Y2M0YjQ4NjU4ZmUyOTMzOTExMjE4ZmU1NWNjODBiMWRkMTU3NzhkYzczMTk2ZmMyMzhjYjdiYjM0NDBkMzIyNGRkYjljMGE4YzhhNzRiMjY0ZTUyMmNiNDU2YTlhZGJlMTNhNTg3YzhhY2U4MGYzMDg1NWNmN2ExYTBkNjI2YTQwZjVhZTIzZDU4NjkxMjIyZjcxNjI5YmRjNzEwZTA2ZGQ1Yzc4MmFjNDY5Y2NkM2Y4ODRlMzc3NzE4MTE2OWY0NmRlZGY3ZDBiOTk3MGQzNTZmYjFiNmYwMjNjNjQ4MzhmNjJmMGJkNGRkNzg0YmI4NWExN2Q0YTQ3OWY3ZWVhOTY4NTA5NGEwOGFkOTI0NWJlOTU5NmYzY2NkNTI4MWI5ZjJjYmQ3ZjU1NGI4YTkyMzJiM2FhYTE5Nzg1ZTkzZjM4YTA1ZDIxYWNlZTQ1N2FlODQ3YTcyMjMwNTE2YjYyNzUzMDZmYTQ2YjNiMTQ4MTIxY2ZiNjgwMjhlY2FlZDEwY2I1ODMwY2RlMTZiMjYyNjY2NGM1NWU1NDc4ZjVkNzUyYzI2NDhjMTNhN2RmOWU1ODdjYmE2YXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com&t=jsonp&c=_mymmoxvygllsnsu&eu=https%3A%2F%2Fwww--wellsfargo--com--2449329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--2449329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 10:52:12 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=fIu5YOAiYfERSramdw5gNQTDEPhKg27qz6FCGx1CxGo%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:07:12 GMT;Httponly; Secure
_abck=15DC9818FC54263FF25BD784BF833C2A~-1~YAAQFE8kF3lQ32+IAQAAmYa8ewlmaDF6zb18i20o7M/cBQeSZcvdhKP5Kho9kHq5htF9Z4AukNT7ZSDQcjb86soXituPhcAv6n/dzIW+Vj9OgIi6RbOQoXWK4o35/lLcNLrgwb40NhXeqX3pGONF+Af2t7rbtE9Wnm4XAEcOXBKMXalExKMuU2cfohiYGQDRFMOVsrfblJOtO2zYWCW+7dxDle5eXGMghnhxdjON9Vh8Ktk3UfdcdM79+tb26MyM+wcZEMmcgPfn4BUZLP3D92wP2KiG/H79TAPX8DMUWmyeZ8nuDCwgOsK426paLpY63FUtizvnAXgB1S9KNNt79ziz5M+FFh8hLDX+GwMQcmPAYzqbKtg+B/chriWoh+lz~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:52:12 GMT; Max-Age=31536000; Secure
bm_sz=6851EDE532EC34EE2E85EE7AA8CFDB0D~YAAQFE8kF3pQ32+IAQAAmYa8exPx6pZvWen/vl+57KA1+OO5lysHjCPUeF72/1jX0GfdJSzeHunRceqm1RmaoTExRbcwiQdFmGvcWx5NFwTU5IvJfHOGexffEB8ltLjUcczRjA337ZTj1NJa2e3FL3x0nzzI+p1+xwLWLtMHcIgMryDpEV1cZ5wYFtsiYRWbVRERCKFoZLwuVpXKQFFdlVr23iMKOG+PIAvvTyX7EBZjtMeXBzYaHITAUc/U6f+JG7jdjBzhdwnbUo1I95FnwwTKtHizwl2tgyghdp8BUg5sb7riR4GI~4538679~3420728; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:52:12 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains