ocsp.dcocsp.cn/
47.246.44.224 471 B IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3d25d4accc054841904c210030f2765b
5586a01c7f26c3f1b55ffe41fe5ae219492a5334
733dd1e500076a819ae487f05161dd050d436d49a72c1d11e5c58760ef008bcf
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 01 Jun 2023 23:55:06 GMT
Ali-Swift-Global-Savetime: 1685663706
Via: cache21.l2de2[0,0,200-0,H], cache21.l2de2[1,0], cache1.se1[23,22,200-0,M], cache1.se1[24,0]
Age: 1819
X-Cache: MISS TCP_REFRESH_MISS dirn:11:344379876
X-Swift-SaveTime: Fri, 02 Jun 2023 00:25:25 GMT
X-Swift-CacheTime: 1781
Timing-Allow-Origin: *
EagleId: 2ff62c9516856655257074497e
www--wellsfargo--com--w549329d48d6c.wsipv6.com/
163.171.132.220200 OK 19 kB URL User Request GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash faf382a86dae2960bc15581eeb190402
7b50376b8fc9bd737e413d08de2565ef4b0bb92f
e541feb2ae54ae0d3be86d50238e565180131a71597d13ec09c7c9a245b5d806
Analyzer Verdict Alert openphish Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18841
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-e784aad9-2ce3-48d8-8e1c-f63d1c0de8c0' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18771 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52; Expires=Fri, 02 Jun 2023 00:25:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Fri, 02 Jun 2023 00:25:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:68; Expires=Fri, 02 Jun 2023 00:25:55 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230601172525230500458; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:25:25 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; path=/; Httponly; Secure
DCID=k5T1AtDREUgwpB1ceIyjA6iRFtUQDGvgxoEN8jtVSeTYy6F3xCdnzQ36ZfaAcal+; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:25 GMT;Httponly; Secure
_abck=ED9004C3BDA681D43CA2844DA36C28D9~-1~YAAQjtAXAirUdW2IAQAAjLF+eQmxtfVLX5rlYoqZkVB1dSopHQKEHRVKoP7nvsOR/eGQzQdzXtJNAwwcFYhnPHOcpHqvAwDUEoyB9CPbCaFUqa3z9jG6BbkFvn1085L8jaekyFuINnI3CXuYzwmh4br4QIhu7DY10SnvK38b4N8pMFusNLcniVy2m7iQD2DUUFC3b2FParXpoQoFICJ3zHU77d0Lt4gFxzltTrKgg/6fCbKpUHWnVrCdm3U+y/YzeTg7LdkxSmGpK7uYJxoMQy4I7hun3zSuHnFE/1Iyh5ksh4lVeFh+cbVRO03TTsB6kk0bGJhGbcOot906QCegsoFCvoo06t96eZTb9xNWclHIz3Dyixve1xCuMJdkfRnK~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:26 GMT; Max-Age=31536000; Secure
bm_sz=CF1A68781ECAF098D66BEE9B97A84ACF~YAAQjtAXAivUdW2IAQAAjLF+eRNtEQTZ4qcL8Dc0pMpi+3f4lEvjK845F+JgNJCv/SsuljW57S/V0qY44HOG3T+sl+6LxMWXDZO39u7XjPHRnEMS5+ehcKdjiJPf2xvPgRwXpPyREZiRvkjFgcKJM7Squ7leOAvQt+OwumtMkGzl7Ug3gjUd5eTHs8Sertx0baga2AQeeo8aQU2U+pef0IVhx0by20v+7R/xINvRNgXjLQ/PUUcEi7XcDBceS1t76y0slxCNZMRjpIDGLGoRFqPQMR7ATq2PYXGKkyObqoQYVFl8uCsY~3356481~4536375; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:25 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f5_kf173_12394-39379
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.27200 OK 901 B URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.27:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Fri, 02 Jun 2023 00:25:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=dfbcARhgC4DiVHqfDP7mKA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=1213378
expires: Fri, 16 Jun 2023 01:28:24 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=1213349
expires: Fri, 16 Jun 2023 01:27:55 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 26 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=1213538
expires: Fri, 16 Jun 2023 01:31:04 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--w549329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:11:33 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12520-45666
www--wellsfargo--com--w549329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220200 OK 24 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:11:33 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12562-40706
www--wellsfargo--com--w549329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220200 OK 58 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:11:33 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12550-5915
www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220200 OK 77 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash 3b2227177307401f0ad66f16a01dfd5e
098aee523bc90b9abd2658dc3cad2b8d984c148c
f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: application/javascript
Content-Length: 76583
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Last-Modified: Wed, 26 Apr 2023 15:12:23 GMT
ETag: "5b8f9de7319f5214c46d203ee7c78f9bf749d0b7eaa059e3b1056741a3d903ac"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pgNFIcK5dU%2fosvZhjqYwVw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=3312F8E15DC6B0CBD1FD55326E621637~-1~YAAQjtAXAj3UdW2IAQAAHbN+eQlPmsE0Q1xPnA4CTpOgV6BgoGBLsx4sAer4zsOOo72284j3aXBrwPccz0TteAz5C9MXYOCdYO5Euw7GnWFuLT58xB3B40QsL796Gm0IukcZZkFipZXwEWEXeHAzroKoi4pjQ6PL50vUALL3cJfvA2e2r5CpQrL5EImRZKHlDbwPyQZEOKbdtbyNeULvU7ZV6C9iyi6zLr21dA4RU0eGiCaAd4h+10KT4fJfd4DANhFBKzV43Jk+IpxBVsy6EqzTQiMk2hsN3S9iqxDQRdyDeKg20JpBmgVkG3/E7MOsMlrWQFkj+b4Rc6G2HThj8kvJ6NSjCGrxLpB08D/ky19n0VCkSUChWBkqtiqzexKL~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:26 GMT; Max-Age=31536000; Secure
bm_sz=670FBAC340E25A65B54981FEDAAABC46~YAAQjtAXAj7UdW2IAQAAHbN+eRNgf1RlNd/rx8BGLQBdkpbGeqHZ0skptyRLq807IDS/JDOkqlG4PzDPbnWs5Q9/+h1wGg+l+DnrnxmF5JhY+/8lJbiafgR0zwyV6wVplb2Vx2jr2Qit7PisnbNedPi4n1+pe7NeMV0sIWJYpIW1/51cvRF31wH35kVMrQcPW2/ZUioFL3s0kNhL7+If2nVtoFMMGF+rw+Dj6ZvaAdACkqb9/cRaU4ukPib9ZB9AS+5Qxy6nLth7QKxvB+dBMWdflWYvO5qFLZAztRJgE9Cho7nfePWn~3617329~4536130; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:26 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12353-24825
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.27200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.27:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Fri, 02 Jun 2023 00:25:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=61kcBF%2fLdjULeLdAMhpULg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--w549329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220200 OK 4.3 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (9269)
Hash 5ada8b51890b60d79b493c14bae392ab
885ee2bc1c0ef79a01292299c61266531f91affb
13c8fb42a5ce4f6033f4137392a4d9ee20ea6b28b9162f6fa27d658a06074791
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4287
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 00:25:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=Ax2zfnmIAQAAdIl9f7kKkBx8zCXa_4RxB7l1Sahp2cdOy5jBDMccX8K9JYUaAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|c5283ea97cf6f0bfd9af741e804b9086635f0cc2; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=QcCWXeVd9KtG00w8vz7M80Wr6VprLwxDyBXUInBE6mk%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12394-39410
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=6495147
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=14032898
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=14032898
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13879725
expires: Thu, 09 Nov 2023 15:54:11 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=14032865
expires: Sat, 11 Nov 2023 10:26:31 GMT
date: Fri, 02 Jun 2023 00:25:26 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32200 OK 55 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (14989)
Hash 9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Fri, 02 Jun 2023 00:25:26 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GfgMQ+cSG6aeBnygcI2brg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220200 OK 18 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2297
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 00:25:26 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=clpjs%2f1WT5rHIktMsktFPg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=clpjs%2f1WT5rHIktMsktFPg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=A212CFE022911B38BE12A44C8D1A7B18~-1~YAAQjtAXAk3UdW2IAQAA1rR+eQkYAS2QjuPaAWudK4zTN0X4xUIOPBn8Htzt6QKUDS/ORJmQ8cB8Gfdz6IEM6u4RQcPl6RnEHckOEC1fSMgWJl0zsHVD7SP+XYBELBQzThbFv/RUHns63PWYB43R519Dd+NGp6qz9D29lKBfanmDzhwoUbpmmDZMq+OqWW4x6rH3ATK8/RWCtFc+ih2MKChSPiPzswLLLpUXsaqjoiSRyAsF8W+pL0goTUdOVps3SQSSwMJgCKRRdAtwvpo7HMS6vTCMA2oEw71hw+S2pDR4u7InnUqs6SKY6vJ6/ts9dIBMkZHdggXtA6XDOjpOP4MUOZ1id3Llh9UQoc9BzYlvLhHL9Z8VP741+HGYQDTv~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:26 GMT; Max-Age=31536000; Secure
bm_sz=CF8831F7E0DA246050D876FCF0E026BC~YAAQjtAXAk7UdW2IAQAA1rR+eRNpWV4cLM1BDMSAVhgfrFdW6zVYx2VHhfGpgx4DUAB1MMeLtgYilPMhH2OD6EaLjtUwoK0eRv6LAVXuKJpIyZVyDVYfxMBC5nVKYLutjPpn9GOkdnGwjXpkeFaB3CJxV5N2uz3Op5tLqdENUSe7Z5Eu5SG4ApMDcFpEJeR9pPkqliokup01/bjA4183MWDxc3cITBT5BXmp674EAmLyMrv4Oda/HCCEw51zqpU9LHGbnlCWP4IFY0iZdfgWLNFuwqYujiOAsxyoBx5YIKa+bTEB1evR~3617329~4536130; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:26 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12520-45673
www--wellsfargo--com--w549329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AABoZ3mIAQAAEURTKUxq09SzpUhNCF2xQCyvJhTVihets3Swys87QU1kF4Og&X-G2Q3kxs3--z=q
163.171.132.220200 OK 150 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AABoZ3mIAQAAEURTKUxq09SzpUhNCF2xQCyvJhTVihets3Swys87QU1kF4Og&X-G2Q3kxs3--z=q
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 150 kB (149915 bytes)
Hash 69d302852fd4317535f4ba421d30c7f7
3f38f3570c9f6758fe28f76019fbe53e49df39a3
59209c212f4533e495fab08e2776007e94ebb606600d42a9335bbb1a042fcc2e
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AABoZ3mIAQAAEURTKUxq09SzpUhNCF2xQCyvJhTVihets3Swys87QU1kF4Og&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 00:25:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AyW0fnmIAQAAZJjqTR4ss016ScYHHtfoqAWdUxPbkmSq3wLmKqYBGLtJwaXzAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|a4d394c0d0096e8d00b52e1253c61dea6ab7bd15; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=std5P9PlS6iz3ehW1XXrkkBSYm0HRXsodnSeFBoj4+UEVJXdnSis0DZXa%2fzZzg5%2f; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12353-24826
www--wellsfargo--com--w549329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220200 OK 2.0 kB URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (10563), with no line terminators
Hash c427147814dfca47f153c58da1fb8d77
9f40fa135bb37af0ffdafbc3882ad7eb3dad5993
8f8262d63ba21a75c9ff8fd71b1f5e2cbd8b9a10afe9ac7fdd50d1b07ab59b74
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:27 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 1993
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-077994bc-35f7-405c-bea8-44b0a2642e70' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:68; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0; Expires=Fri, 02 Jun 2023 00:25:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Fri, 02 Jun 2023 00:25:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:165; Expires=Fri, 02 Jun 2023 00:25:56 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230601172526464894383; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:25:26 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=E8FA38DCA036768931180EFD2CFD2C16; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=rKbwzXLmNLZ3lYj4s5RRE9y%2fdqgKj6y%2fM5YytKJgImPpe1GZXeLLuVEmYPc2A4RV; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:26 GMT;Httponly; Secure
_abck=3035720EE1A96A023E2325C18CB58015~-1~YAAQjtAXAlPUdW2IAQAAfrV+eQljOGe28+bYX/UOO7IOY7go4tBnw1ikXfwcxt78TZD5RhmLKJYxbrmrOwwgSm3RlvtRz/zgwTLT2eIbaSi9xAC45P1wODwCgxEWJWFZr3uxBIcAk90mDhKV5c0hmHFfTNnWr2TvSxG3cl9kFo994SpRoptwfC2/hNf75Nd2zDajDwhhWEQlLqv5zXP8UYouIgXLxmtYaQOVPBrqzfOVgSZPi7Wql1W9/3NqHkgGQDa2MBQwaEm4owkilqRd3gfalN4/5kKd5ICEutdZzUz87o9GvTnZ129DX7GqDHl028ZesJ2CeyyGPTV5zWiUE4d3AljHIQq4qlYxWQ1xEgocNLlnspQnoCnq/iGbygz4~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:27 GMT; Max-Age=31536000; Secure
bm_sz=B4E76FA73955AFEF6D420648E5D503A8~YAAQjtAXAlTUdW2IAQAAfrV+eRPz4HeiDNGtB2fYjLWWpt0TPKgyIGpn4Jf3DhTHzzHVcKtdn2rLIT27WMD1zC/lPiwAgURyedGSUSSjsoX6H3Hwozd8yR0DPsWV6WvE95X81aEJT7/3NXXz0YkK6joC5YRZvICJFxNQ7P99mXF89o4SBkR5cSOW9/vmS5v6iVjvngmKamUxoctsiFHpNdxvzdMfQw6QYbsrYxZBG7xw63WNlGrerU4Z1VLjSUva+DcN+mEWIR2E0nM0m3fUR3nyItHj0rF7b7xlxtc3UrTJW33vnWO5~3617329~4536130; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:26 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12562-40711
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=47226
expires: Fri, 02 Jun 2023 13:32:33 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78200 OK 964 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=1213524
expires: Fri, 16 Jun 2023 01:30:51 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--w549329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220200 OK 313 kB URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:03e6f5d5-3307-4f26-89e9-cdf332fc6e52|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:68; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 00:25:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=Ev7LUa3hgkRaMHH05h7IQFWbru8%2fw3M%2fGZYNOPtQFC5hiw0ErM0LrQ1dHOikYcZm; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:26 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f6_kf173_12550-5921
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
104.110.27.78200 OK 1.6 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash f4ea54d2de3587734104a7fe6ac34593
abb69048123b667ad90dcba04da4f08a4a4aeeb7
e802f40411f32bc8331100de87c647c70071bbd2e29a44befcd52e48c6020205
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63f63d12-aabe"
last-modified: Thu, 20 Apr 2023 01:43:32 GMT
server: Akamai Image Manager
content-length: 1646
content-type: image/avif
cache-control: private, no-transform, max-age=1214350
expires: Fri, 16 Jun 2023 01:44:37 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
104.110.27.78200 OK 25 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash bf978a151ba3f10a7412e8cd5fbdb863
2af8e9c16c4f1e96ba1e86beee63521c802c2cce
ac555d446e447b4c8cf2bf2dd377d53c3b21faf83da3259dc8839c782eba1d9e
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580a-d82f"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 24880
content-type: image/avif
cache-control: private, no-transform, max-age=1061122
expires: Wed, 14 Jun 2023 07:10:49 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1213399
expires: Fri, 16 Jun 2023 01:28:46 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
104.110.27.78200 OK 16 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 093dc61fd7b0036526bf39ae69597887
a27c677f83b0554434422c99b5519ace95ddb23a
f5a1bee943c64e915cc0223d3cc7e402b70794950377eb8ef040c835fad7e156
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4a-ce5a"
last-modified: Thu, 20 Apr 2023 01:31:11 GMT
server: Akamai Image Manager
content-length: 15941
content-type: image/avif
cache-control: private, no-transform, max-age=1213454
expires: Fri, 16 Jun 2023 01:29:41 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
104.110.27.78200 OK 24 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87b3f9d652a18e74ea8ef53a99b251d6
8773c9b3a11fb9247039d731888724ccfb74bb5d
86e522c61649a3fd7b76ea8d8304d88fa1b86d029a349c64a2e4ee3683d019c4
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c49-e902"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 23508
content-type: image/avif
cache-control: private, no-transform, max-age=1213461
expires: Fri, 16 Jun 2023 01:29:48 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=1213441
expires: Fri, 16 Jun 2023 01:29:28 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
104.110.27.78200 OK 2.0 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 54e10b9c13d7d34c19657767d4bab80c
e34a8ab8569f015fcc331eb9eea548cffb7466fd
3059d71b7591fed5674007cbfe04627a88397d42cc58f9a107becb0c269d825b
GET /assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c985-8adb"
last-modified: Wed, 17 May 2023 14:04:04 GMT
server: Akamai Image Manager
content-length: 1950
content-type: image/avif
cache-control: private, no-transform, max-age=1258853
expires: Fri, 16 Jun 2023 14:06:20 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 965f76605b195f4ccfe05353f99ec406
7cc5b65bebc32a1835e778bf984d202fe472bd30
7bb20bbccd8f33fc25b907e8fcbefb0d73b1a9ae7076f8e688fc633f09690de6
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64501bd4-10f8"
last-modified: Tue, 16 May 2023 13:54:43 GMT
server: Akamai Image Manager
content-length: 1420
content-type: image/avif
cache-control: private, no-transform, max-age=1171788
expires: Thu, 15 Jun 2023 13:55:15 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 463 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=1213538
expires: Fri, 16 Jun 2023 01:31:05 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 831 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=1213501
expires: Fri, 16 Jun 2023 01:30:28 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 405 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=1213790
expires: Fri, 16 Jun 2023 01:35:17 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=1213477
expires: Fri, 16 Jun 2023 01:30:04 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 962 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=1108329
expires: Wed, 14 Jun 2023 20:17:36 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1213349
expires: Fri, 16 Jun 2023 01:27:56 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1213485
expires: Fri, 16 Jun 2023 01:30:12 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=1213504
expires: Fri, 16 Jun 2023 01:30:31 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=1213723
expires: Fri, 16 Jun 2023 01:34:10 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=1213393
expires: Fri, 16 Jun 2023 01:28:40 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78200 OK 31 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=1213394
expires: Fri, 16 Jun 2023 01:28:41 GMT
date: Fri, 02 Jun 2023 00:25:27 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220200 OK 18 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2646
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:1$_ss:1$_st:1685667326666$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 00:25:27 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=l0Vkmvbu1dOw9nRX14OPuA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=l0Vkmvbu1dOw9nRX14OPuA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=D7402F563284CCA285CADD195F175A3A~-1~YAAQjtAXAojUdW2IAQAAjrh+eQmib+InIpa6hISBkYQWA5VcYfkDmKwdIV0yPjnc7ZU690YtDvnt8ZNs0pNRvuIHXAPIFf8++Y2b/wpAwq/BiObyM7r20B5cbJCCl3UhKIzTa4EP/lMidWH3OgUfXKbqvrmQoiPu9qyIhj27P5P4SGGA1zCmBSqY71hQwK2Apd9XSyk67cknrZMsdFwEWALPsgsK7O+lwqlzHG/5imWsYhUmcE/pg549h7Ur6hoyJ+hbJnLHmlue0L8cmU8XKEVOr6RdjSBx34bhFp0/vFHv/FyQnLP1CZBCZRyVqAfipQ49Y5URZnQ1QljPW6vcQf3VpQPWshSIqFj8no6hYRLumVPwCdZHUWdpVPA5dQLN~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:27 GMT; Max-Age=31536000; Secure
bm_sz=D5B90F4EA1EC3C281BC08523B6A56CE2~YAAQjtAXAonUdW2IAQAAjrh+eRNTW33NczHKxOxx5XpQXmQYAXUPqBZ3nF4Koy5HtYSybZ8ZoGsxiIY/Mqrha2Vl9CU/A2sOmjol7+AK7GQJR5qpPP7rM63FwtiI0TgPlvvWwomd0vue15xlAYtHQTWgXD+9yB5I4TNknYfSLm0ZgM7rm5z5edWgzvTp2+IQavS5lUCVQSx4nCpd2aPhbD28OaltW7u//Y4BGPhUIl22y0c/iDy/KGLoDQ9ljoFAgBrKxI3g259UwAKS6JYF2bhPQOkYvzjcCecH5TR1Ut+OuoA/yJpg~3749686~3752500; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:27 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f7_kf173_12550-5933
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.24200 OK 571 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Hash 6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Fri, 02 Jun 2023 00:25:27 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=w9vN9d2YWIOv00OSO4cxMMEOkXjWsTqK2x5ZWggVNzXNxMIkT8XaLD8yhpdRqJN7; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.24200 OK 151 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (151383 bytes)
Hash 8602eb90698e4938f434bd96ef0acbbb
50aa1da4bb2f0e38e7b05ef2aea805e0950747ec
85e42191f53108469a044d6389ada854b713bf150b1f1d03b5a5518420bc9172
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:25:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A0G4fnmIAQAAUNgRE7hspN_8VWPHq0xxY5R2HFR19X2PFUxTQBUyE0Z7MfppAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|98ea5d509bc993a5af20f0a950493466caf3472c; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=uyVCQkkStgkldE3g5rzqL6YLVnQUkaWv2sOPk6rwzO8%2fZFrfRSkLOgrohPc65Hco; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.27200 OK 14 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.27:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YtCe1wf33jVdTsV%2f9tdhYQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
23.36.79.34200 OK 24 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af
GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sl5j9RAvkBtnPRAE%2fVSSBQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ppPWAgyJRnBJpYOUal9p5Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
23.36.79.34200 OK 39 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d
GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=lSWyHGEeXBWwDDX0OD8+gg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32200 OK 138 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Pldh8r2uytjBT409ZXRxeA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
23.36.79.24200 OK 3.8 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (7626), with no line terminators
Hash 376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20
GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=xj9xtiAtvhyVwCUp+0TfRpxmRK+GkdWyC%2fOhYn+GiLWYRiL434w1H86yWrHhAJJH; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
23.36.79.34200 OK 308 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 308 kB (307653 bytes)
Hash c85014374233a557bb0c3371506bb5a0
aeb987debdb406b79606440a165a027770ee03c7
79c53c9a2acedfe344e6246a510b6c7a687fb868006a15f7afd5886a1b88abf1
GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=xc8QOUuoQIggCIABZKN7T4y6JnlZAFBLCwWBZucGZQ2PlJH0RY5z1d3v+29fMC24; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 8251c2135f86a66ea4920a8fa398441d
b99eec81bef68bb7f7af944a4499d3410856f8c0
5389f2c3caac6acaecc71f4a06047cb823a5a2cc892706798f1b4dc29785fecc
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------296323349930186935861791536600
Content-Length: 171
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:1$_ss:1$_st:1685667326666$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:28 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=lWSTWuFzGKV+%2f+b%2flpvsqtF%2fDh7SBmVJkFEaq2jXkTM%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
_abck=77F8F27EFAC29357C460DB4254D891D6~-1~YAAQlNAXAqEhbHaIAQAAeLp+eQkkh4oLgPoHCkcuV4EcCAWAlLZcYveNIkYSiw61448p+D5Ai4m1if6JnVvAi7rtSPFyJx7XCRQ6h65i2A9BYVH90mHWeSPPCeUNHn7kwLUv4xVM3MUbcgMw+yZJZLm4qCykfmE8gql6NObbH7klgJ7orzV5UqEW08rFyZjpL/Ig/zkWjpR0IB42RwPMx9lYjvM2YaIsFbndAOYP8NwczJqZfAAWBlrHV/mo5iUKzeUbg96UBLJTFihbAcs1s0IKyqUZJY9IPVul1QMzuqxx2hYQXLScfS7FMfcnhNjCSEHLC6rBIg0upU2ds4J8ToX4lGkeq5P2D8/DP3FWUzVE003gWA72wcHRW2g6fcaL~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:28 GMT; Max-Age=31536000; Secure
bm_sz=7BBAFA9C6AD7C15FF212E8B9D93B2C8E~YAAQlNAXAqIhbHaIAQAAeLp+eRP7ccgzfFWTFoYOhY4+kkZlMownM61bjzLRYyKuw4vjXvLyphwdcD5JM67ISmbpgxgRGGGKcnFqDxWCeEZ3tu2zjSgPyyXunWk7C3YlJ+MTPxtyXWJTBmdgpj1/Vzdw1w6ZH1VDqEmSIz7sLXslnoVdBsMgEtcsQMKKISPcjtyOQxn/cJZ7GQH2f0fvIOh0knbcist70V8S6tuTc8G5e74AZwlm7qC/kTOea1mo6Ss2UaDKsWcM4OSuQIRLWJiewEOZPxz5dh4cmFVURM4PVeevZByG~4408370~3553349; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:28 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12550-5938
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.24200 OK 607 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=wWsCcq4Eur52q805uFzgKvd3NbktWTBe97HlLRNRDZKAYXsjL%2fUf2i9OZ4yonPsb; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220200 OK 18 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
Content-Type: text/plain;charset=UTF-8
Content-Length: 2549
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 00:25:28 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=h2wL5HWhXeWkQ7vPBz%2fSKA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=h2wL5HWhXeWkQ7vPBz%2fSKA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=C40A88A2F78FE4E90B244104BC18A7E7~-1~YAAQjtAXArTUdW2IAQAAnbt+eQlCDwakMk2I4x5+Q0OHOkKRmC/J4eqb3OZLh0nriGN4dN/4fNzwkH7xW317IseFrLapl3j/udSLZyp4xiEIK3xq67bpZiuvOVELDOuIxGMRxI9+qDDibT71m5bTvPvyiKWm1qazeAD8IE1KDElI0c3Uy0A8GWjQKxqCb3iVmgQJlUiQmZa+E91SOplu8Y6/FZ0Te7Ats/E0F9ApLQI0vGXnj+eu4fIg9hOJXw+WJUEmpnZk2bFtK8Z4wwLYXPqlgiXu0cGPMbgizHzVsvETs/iz1loqgYKUisDoNkxyaqVpYA5IqRNjhfFj9kzF9JCW/yVbBdRl8ueIx9HG7SGWB3FROah+UgANBWr0cX3h~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:28 GMT; Max-Age=31536000; Secure
bm_sz=042286A7F939322485DA4DBCAA65530F~YAAQjtAXArXUdW2IAQAAnbt+eRMvu/cSucvUxI8rJ870PwRLUdMYFw1bp+dqHv1MMtW9/3H9KWtvIJDdMAZLixjQw+AoKI3692XCjHnuZmjtlkTBJKnZnVgvhFAATIi+kb6XIfFfFk1cLd/1fIndXe9gre8Q43qDwWaGlc+jFCEpjHsMamEsLFHRc4Np931JnxY3DnikahvkFivyoen6DRI2VoItQnyz6Gdtf2Xn4cO4s//HcuaEQt/8JiqnIVPZJLsldZ1As1G3gWD4tlCMTBUUa6k9odZwLSPdvggvTQpkn/bmKaRN~4408370~3553349; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:28 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12550-5946
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cKbknLdnP47mkv98YMRlGQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MDNqN53a9zdvIpeheCdfzg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3%3A0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pv=2&f_cls_s=true
23.36.79.33200 OK 1.1 kB URL GET HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3%3A0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pv=2&f_cls_s=true
IP 23.36.79.33:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash b4b7b67d7a0ff4e9d4da3fd0e8eb6193
8f97d30618500b7c2aa1f4bca58b49fe75995895
d7dc46f5f9123b034fc979c6f8a2c8e2985595961c92ebe7e2e3710ab0c62694
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3%3A0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1141
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!XoJJdPm8q8yU/E/pnNE5eVRfS7HzY4gqhqSUdu7s5Y+JcM4jsVy3tp5kmbFBd4ZJOORqevxKNgnpnA==; path=/; Httponly; Secure
DCID=M81ZUTosFu4M6qFTDOWI94j1r3NZNd0L1gKPY7MeKMB4JcMdF2Gohon49+9LyIKt; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.27200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.27:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GPP59BHXNH57PZBusJvMUQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
23.36.79.34200 OK 347 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type gzip compressed data, max compression, from Unix\012- data
Size 347 kB (347296 bytes)
Hash da467358aa285b80ae5888bd88804170
e29abbc0d3e0dee832a40eee3378235267007429
ffd20618f1ae4279ea2a8fedbdf0764b195a1f5f00afe94213072087a38958e1
GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=plrpf8rIjaBUA1dghiUDcAUdh4sUxBcGVx8mjWOl+iFJht8kIsXOfOubyX7xeVqx; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528397&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528397&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528397&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:28 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=oE331RCQ6zxkidR1USaq8B+S7+McuBM7vW7bjgQbTbwp2o2jrok0paQzNgjKeano; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12550-5947
www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 968 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 94d2d9553bec2c331677a7925738df02
79f76e8fac98d3afdabae04b454eb4395a511df7
1b2e847c2619b61b641b3e9bbb59043dcec7f68b747833134386ebd35775edc2
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-7e96255a-4fc6-4d3b-a54e-71ea1bc2db72' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:165; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f9ab270b-36c4-41bb-863e-7caf73788d09; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f9ab270b-36c4-41bb-863e-7caf73788d09|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:17; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=0DB6AEDC9D0F78F8888C7756C567CCC3; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011725291024482744; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:25:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!sk2oCe26bc/ehA8Gl7IZxfIs0wroUTiUec06VCVKNCDw/V3r6qMWe1bnJ6Z+GIbQHYhJ3V2elcBFA08=; path=/; Httponly; Secure
DCID=cBoSoGUpFjTuMLR6AYjkALo%2fvArr1Eq+T6USmfKVNEU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
_abck=4D6F6B7F94D6041E664FAC705E32A0CB~-1~YAAQlNAXAqMhbHaIAQAAYL1+eQmFAdjuv238wAh4qepvPqJuZQrUAttY33pyuSJaZ/k5Kg/nE4+0UgL6PC60pa90k44rcfLQJa54l4q3vycrI3xc0Ckdxy6bZPXCJmyWssojCciBtCR18YXI6fojBQrXRg/xCa2PgvQF8kxwjDvX2NCY036zu34uyU9Kg7T6R/h2W+2kZ6XZALinkjOdQwA1Nq+b8GX3MFlAB4DTjnkdZVtouQJIXfr1K7WlIzmc8SA2jkcELJSo7L1KSJx0xYlVJmM92TUFIWUWRd0qgGntNBMrfyORf+ctG8x198FBslGSjpGx1BCJ+HUQDbis5FiBC3dM2o994VmXO+1NKQB5Lyry/wm2JEYY1lel51zq~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=0308AD1B4866855A7E5016B11024CC2C~YAAQlNAXAqQhbHaIAQAAYL1+eROjrqTj/wBlD+q+E8xxs+ZzAQbDuWpCmOg0dTYVN0490pGm7mPM1uyNo4TjwC6yYxwvqjkKfBGK+FjzldiR3sNoT/XeMWF9FH2H0HOyQsF8y2icZ++8V0/wIdgnmKpbVDd4MEa81yjZIgWj24w5FIYFFMgzz39WTUGqtsNQn1FPCcC/6ciiaOvVcH+k/s3jWwF5zOhPV+1WBDynx3Kj6/lJZWASKIMvH9D3YyHFqJgopSZF/ihta/ZdZvdTw9IdWv5xgGDllxMH4a2cX9SoKjK4wyAU~4408370~3553349; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:28 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12520-45726
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32200 OK 20 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SGBRXEJ0LbOlasRLJPtaWA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 973 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 8de1e294ffbfecd1e8a7f4824abe9b20
707f8127e29c52280393b183f53005f66e7b7236
531799550ce83239e683a84d05205e4237078a05f9d6ad8909a2ac4aef46163c
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 973
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-331ef3e8-7d95-4835-9556-f0f2ae54da5e' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:165; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:61fd98fb-3b2b-4db7-91db-8439dc929f97; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:61fd98fb-3b2b-4db7-91db-8439dc929f97|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=DA51E2DFA895053615AE291BC2D89970; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011725291332847124; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:25:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!EtMnjQz5d5L0AlUMntjHYqEj2JIOPPszgPz4oOkEgGBUyoVa/tgs3mymOS2UMyhSgEARvC81lMVzEbw=; path=/; Httponly; Secure
DCID=qH%2fUN7+nNxm9ZRdlGb55qlORT1QfYkQa9++QJzIx4LkrSfmR3QdW6bf+4aczHR3t; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
_abck=99F1298A3E4079984552F8F51AC5BCDE~-1~YAAQlNAXAqUhbHaIAQAAa71+eQnGDvOeXXrBjGDigwGK5FOQ/dTobQLPd4iPq9givO5zo9rrabOQvJrTFj6JU9Z+CUOKdWb3PzxdtUYiAl3i6BfVcFt3pJuSK/96HoNAsuOBCM4rmsHlFAsKHSJkBYhG4G7Zquu50OaAKJAx/OQv9FLC2CReF+WC+G8ZkEufiCOAVy90J7MaURvh4G7xtJCrxWIrRtevnBAOrJPdnYNIHgZTSEgo8eVrdesum2bnORq2AXJ/RQ80K1Mk/za4VZ9sJ9rFaLNHJ0xPi8sEh9rVjfrY1vxQDP5EA6wPwA465Xk1BnRWKBCWSCAp8hmkv8EWdhLr0Wj2UM9NsPIglspmLih9PF7P1q/Mt1gwk6uk~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=A6092C62CE3B851348A7D1263A11E860~YAAQlNAXAqYhbHaIAQAAa71+eRMqtudWIAd25i4kgbueMHjCxVmVzu3hlxZ1rLe7haKt0KgZfVI2ugK7nwaY368XcxZja8SO/0ur5nMLRjQtiagAQCNi+a1QjLPllVfNNgCWDHtByEbOS9L+n8lJy1fNXZk3v8N49UFrzRPAIjlBCLTaWgmgICLuA3rmCMDf6evcslvodv8dpaWHBHou4RNOVxgaSHgvWaQbOsQFjAg/4s8kpJTOmbQJl4sK3Wyc9ZyMLHAo4J1w1jk/B8/WqvgoinOQ9aSTT7ayMI4cCUcxF50oVjvK~4408370~3553349; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:28 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12353-24854
www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 969 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash d0482e86586fadf0ff2779ad890a344a
175ab01aff50a88e6c39cf9361a7bc9620f7e138
5ba89f18165a5d8f3f03a6fd966531b6745338b7ab0496edb9673b08a66c08c8
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b41ed029-8d18-4c71-a0b6-d473a851be52' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:165; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:767612e6-788d-4474-b111-0f3bf97ff9ab; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:767612e6-788d-4474-b111-0f3bf97ff9ab|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:54; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=CC97C954F5680CB9B8C1C8644134A07E; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306011725291330548225; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:25:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!92GGjtzrv+EScwcMntjHYqEj2JIOPEer8QuzeaFoTzXOp+ZaVpOKNfclLNm+gDDj3Xfm7CgPIWUZbEQ=; path=/; Httponly; Secure
DCID=9Xe82G4RTqh0koO0yHlz+ylHkjqj0EXIr2WwbKACRgrNfC6Cf964gl9dl1H7AOia; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
_abck=CF379904C70AD45DF872AA1E23AA9D44~-1~YAAQjtAXAsfUdW2IAQAAgb1+eQnxYfTGlJiaUYzOylZY/OcQiqvhV2XaoclhZFdE2uHrbngJnuEB1LQeTf8WQUMQqJ5idjTvBDJBfGuF+Y/rK+gGzixXpe0xohAn0gXpo1lQMkFQL2RmW5B8IBprKCHKTJMUU89FtfS4aOPm9Hw4xG9ySPW6xZqRIo8avXpzyNAoa+nQw3yXkcG7uahTD8K/BZlO80x2QHct0H9qFJbQ7oKi7UrCcTMxLiKw5xPy3BSqTlJGUrtyKCBj/612PEBD+f2cUBohXWRmq8EkyTxPbYy/VriGzm/1s+GxyK9iePEsdLpM1xuCeXSn+fqZdTBp7wsITv6r2kNOY7HYgxMb7eBy/eOk6a45TeubLLYN~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=D10865F1F1D57FEAE01CF8C53C308D52~YAAQjtAXAsjUdW2IAQAAgb1+eROFIVqFDdIKVnOInB8uiIKwVwJQo3TZrFwm5q+rMzOV6Ax7DRfiD1r5p5DKSeGOjJeodhU/DIO7cubSo2kTb4vR1s6IQzk5eoHbAAbczxlu6WVKlRd6Y+/ytBG16reBF8cM1Tm2WgA9/ZD7AqGcXSM7veDaXrapBpqTsgo4nx2+wDHJToAm6Ea8VPaHlYjlXMjfXOEyBdJw3Is5hTVbKUAuEWpKQgVK2A/xA37cBpB5JdxhEUUJcJyOQuVLHRt258a9Er0cHUWojuNK1vYAwLHl/jGq~4408370~3553349; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:28 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12394-39438
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528482&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528482&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528482&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=oGiI%2fgxYnSpjBywhFt1LiJQgihMHrW6T0phYPgGZBdkQ9pT1MzYIgAZpi6PGqvMA; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12550-5951
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528476&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528476&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528476&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=y0HvNOFpi32wEGHSiBP94WiuPxTdkxJIxh7rxUzpL8sOMSw+umr4+m1iPzKz47+F; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12394-39439
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.44916458647483626
23.36.79.34200 OK 52 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.44916458647483626
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash f83d761dcf541f1630bcf349f13f08dd
d77ca9cd7954f7bb1ff0179e640f4649be3a88b8
2bbb1f3f4378f26597cd218cc249a5b37b1cbf956ec37849617f8b367fd66ffb
GET /PIDO/pic.js?r=0.44916458647483626 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 52527
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9MztPMllxNqF29xbTrEO97W870hLPCfw7LDo+SSwYfD3GcT19p3PpOZcPAOVNBO4; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.24200 OK 37 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 87d0c3108a3a3be23c45dc0d1d757d01
8032bf44dcd4ad8ec5ab89240a13753e3b819101
be06e1f946a81619756725b6150669c3f7331661a91313cd0c242aad3f45e6c4
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37168
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=otVT4jN4MIAFKGSrstDeI6bIsrBZwThUtdTVy0cL0HerjSyRj7un%2fE8sFVFXjCno; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=1&cfg&pv=2&aid=
23.36.79.33200 OK 1.1 kB URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=1&cfg&pv=2&aid=
IP 23.36.79.33:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash b4b7b67d7a0ff4e9d4da3fd0e8eb6193
8f97d30618500b7c2aa1f4bca58b49fe75995895
d7dc46f5f9123b034fc979c6f8a2c8e2985595961c92ebe7e2e3710ab0c62694
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 3591
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1141
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!h0jbZlWwq4qrJHXpnNE5eVRfS7HzYza+g9ikk4lUZlsU8VrEJoBjrzY1nBweSQpNmRkqCWkou3Lpvw==; path=/; Httponly; Secure
DCID=YsRK%2fa2IR1TJpznVm7EjgI5mfRK7ulwyFPSZCYcyGsD85aEKHtcUFDFlaa+BAQLJ; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 970 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2435), with no line terminators
Hash 5116ac9dbd9f16536a5b8a9fbe4d4d4d
2df363e511806824e90783653c209e159f1bd60f
9cfffba1e869139961e6b8ae3c78a52e7e359e439543f56d736b084d4041e3a8
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-f5ab0e52-655a-460c-afb0-b22495dd6e34' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:165; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f20079e8-aebe-4d9e-b78a-2d77152a6851; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f20079e8-aebe-4d9e-b78a-2d77152a6851|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:54; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=FDBD9B17429043DC376060986373960C; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=112023060117252918337139; domain=.wellsfargo.com; path=/; expires=30 May 2033 00:25:29 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!JE3bAJSnS6oiwgYMntjHYqEj2JIOPEiapxL2GcOixmlunZGkgBz5zfcLrfHMAwLj3NyCIkbZkuRwD80=; path=/; Httponly; Secure
DCID=HVYk1bwojlotkvFsgHu0JqFQtp%2fvy4jcFtslScyHNd2jq7nRlixpWJiPZRvDNh29; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
_abck=FA2C151706990DEFE7518735297A7793~-1~YAAQjtAXAtPUdW2IAQAADr5+eQnf0XR6sa5O+N4cUh+w//KriHEz7ZwY1kQRwVSCyVK1FV1fB9bNWNTTUgCQJv67RYzdNKuyLK8mgw75Ed1WzVD5Nnacffq8uwpcu2D+Hkuh3BkBlN1w211MQgq9HwmKpSG+gpMR/EB5tztfVQmjhP1WlFS7kP1FYRm5RvRRRQlOwyQbj/pjSg/K2kAQPnxRMyrOot8MdGj6RHlyTAeQmEFBrlWLRdv10i4fkDB5Ec1gDgKsJXZdDSmTdVjZ9m7r3K0nQh7KYrMdJyfNzXtlBs3bJeEBN0+d3TYxnRa0VTsvGinJK6iYJQ2Sajvx3XZm3RQXHaWSIzyhQd3qLkyy+8OYWbhYDnEESO8f35jD~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=9DFF868B385DEDD7B48B44CC845956B9~YAAQjtAXAtTUdW2IAQAADr5+eRNS6Ieabx47H3bR5/hmZ/PD5OXcktTlgJ5NoVHE61xv6JbMH5o+Z1ZVbGobdVepDwhXdNIrXuI3/QQ9+zjRVY8Xm31s8JP/ZXef7yD9DXabDYTga5jO20ZBXuwwPhjx7WI0K9C5p9u3S+rt5r8OZZ7Je26XL55D5fFcSNUmaEcYNo/bGvatBUloCVTdufqPEvlTBg4wFMDV4lY113ROQXif33tudIE3citHYH/ttsZdgCbsB1tbU9oOcqO0cbX2GsyLb0qKWgwqEEgYg/4brfbej1hp~4408370~3553349; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:28 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f8_kf173_12562-40748
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528502&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528502&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528502&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=kcDjxmE6FEjaMTKPY0R8SitvP%2fYAGsDOunMKaPkSDG0fgwWz2jpdRLgJ2RVdawfD; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12394-39441
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528510&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528510&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528510&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=dNuyc28wWA1M7VEJCT7WMsz5EvpBDkA7EK0PA2PE+sjzILfFQ7+gpgoJ3OyhVJdZ; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12394-39442
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528506&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528506&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528506&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=NpHgWEAVAzRem%2fRLGHLOb7%2fY+vnuj3ndA7QpE21HV81zI8TLmMPjKItvo3dmF48j; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12550-5952
ort.wellsfargo.com/securereporting/reporting/v1/csp
23.36.79.17 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 738c0d5a-7ff1-4535-4a8e-51ab8fa6bcb6
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:685c7a9f-a156-467f-b936-c76de32ded47; Max-Age=30; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:685c7a9f-a156-467f-b936-c76de32ded47|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:6; Max-Age=30; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:6|d:7; Max-Age=30; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
DCID=gxMGHd7d9pRNGNhe7fs0vnHFO4GcwtY%2fRHtsePIZ8Uc%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
_abck=A76EB3302608AF51569919D2B7FFE4D7~-1~YAAQDU8kFwdkvmyIAQAArL5+eQnmwm9GzjMw1k/hxtty3wUGk7u7kotRF7GBRy8fYjENsJ2B7DdFnsHmIShhAvPFYqXe/USbT9KhkZmyI5QJrgPHYGi/tLOFb5Go1evqY0/d/U6ghjERtltNtP17JArKQsxOdBEGDNIZ084PlooWcJlmysVkj4NDz1zZHE8aVf01R33wQuoecIFTqpAZFn3T3+L8CbQ6Ogb3MdmOykJYmGwxbOfqjHOJMA3ppi7g/3g7kNzMivq5eaZueemZiLZG4Srqcg2fKHxLicKDczlyafPSLQnNk86BEv/E/UrbEMhz9oX/Gy24YWxR9fg/jWTM1GQhYgdhcbzcZAR1EE/doQIpr0CoUQifkyXpHSlb~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=FE3A4618D7F80D82FCF6DF633054A9F8~YAAQDU8kFwhkvmyIAQAArL5+eRNOhDpBDil4IVOgqWdEH7tDTm+6reMO59ElKVhpoVTnxqieIL6nGalnDFnjYuiQ90itY7bm/hWuxVXi48zeuaB2Zl4N0fRuD88zcMpzQYnmrbb/HwdD16d9xnaCd/SKeq0ktTj3l8gizqA9wnpsWPt+U4d83oKhOhZUJfIRsBt6m0vinPyhj1N75O+gV9jb1l7jVvdLdpGGemzXcB04+xo8wirzDoI9R31d59m4GBvAz7WAFNoc2i7LR+zxb2YDOICvHzS/F2GF9yrgXKBnG3VDtbyo~3487045~3291189; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528499&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528499&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528499&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=NiaOfZw3WQHeEIIjsA4H00MuSacWaV0NcPzD9mKDluY%2fAYEruQISb34uAEiOp+l4; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12353-24860
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32200 OK 1.3 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=LOjCWuQS2au1H55jVc3Eow%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/jenny/nd
23.36.79.34200 OK 18 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2293)
Hash fd84add9ed27b6aa5d0cddb1be1d07cf
07d7f552e82c7b83c71b16358b7efb063d78cb5d
9c654e7372a81694d6ef749266dc5a5297433a6a8eb57e1aef8f7735720db0f7
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17970
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:3e7bc611-d692-4cd5-b797-28375ace278a; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:3e7bc611-d692-4cd5-b797-28375ace278a|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Fri, 02 Jun 2023 00:25:59 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=1Lz9AGff37LPq1+7NffNHtH9Adlw0L%2fj7DVr42xj70Fk3HnnXhDIENc5eBbplyqf; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
_abck=957133947505CB1C7ED7BCA3FA71949A~-1~YAAQHk8kF7ujKW2IAQAAHL9+eQkXdla5InzjhzQt2tu57fsfRWXZlg4/dXRdmp2pciDylMdA/wI1zQf0UaNy6E+oLXlu0jtNbbQpqRzl46mz6eDFEGUyWPHRNtTZSeCMZQO0MsEk+5qye219v0m98K40823uR7Uz/YceY2tgeXGDsKF+SvWB7wNqbYh8G7TTKsVoEFUY30hRBorobc7aAKKP9DygDnafc5yhQX42goRREHQV4vHd9AsCIJuRMgql+012EwRmsZcCEfaf8RjIAFJangCsqLX0JDdl4x743ENxa0pAJnwMr5C3HGehwcyXqYHcnkjQgAUy96YFqwjDSHS4Fooz7k1YM6FEYw16D8VtWwuCWQ8px9KxyFnodyTx~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=4C46B937A36E8B0E009B2D908F2C3668~YAAQHk8kF7yjKW2IAQAAHL9+eRPuMb+ILWvL1tPxIryDQ5d0t85x6pbSz0KOOn1pJgq28j77LSkNXFFJNI92WgHQFYryHy0x46h4pc4+aHv0jKPxTX+7LrF3zehtt6uQyYJnsK1TOlAZjFNfbo1rOzt8KyIm+5wB3IGZLa2UvfN/ED1MPKetUIvyqKnCInL6dis7LIi9pe1l+BgNYweSZF+pIC6UCmqNi7FVF83yAKAp2SVRzosCwmSrPMWla6vjZ4IUB07qYHAicAMN6KIQDkE0yLIKPfGJAAAJLAO3u46AG3j8TEAv~4273459~3359029; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528514&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528514&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528514&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=UkTpqIcGfRX1kNBCy4huA30hN459gkF2gZPxkw9XU7n5uXjnCsprJ3hndD29IMi7; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12562-40753
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528518&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528518&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528518&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=hdzCWsTqS8xCf+odHdPCO5uY2IMM%2foW%2fmwGBW5OPQPd+79+rl0B7ijiKaLcWJUTQ; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12394-39443
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528521&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528521&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528521&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=%2fr218OdNgPyOEuXwcUZLFxP79dpLlWuQGxfjOOLehnN0Q01CMRn74MmDyGCODavg; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12394-39444
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32200 OK 14 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=V6Df24eYH16I4eYXpxrWuw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528529&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528529&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528529&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=UwQX4VkHi4kspvW0ucrJJt2nQ+mQKhaXRA4f6OW1kJfiTI6X9c%2ffOyIlPS8Ov%2f8X; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12353-24867
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528486&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528486&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528486&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=1nfDgmp3FL2vfoW3hNkWJDvwNGKRQO1LDAcohkKJK01v5V4Xfpq80lRiWijrf4ef; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12520-45730
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBSSnhaMURETVpXUVY3OGkrMEUvMXdCdHg5cC9WVkgwL3cwU3dNcndobm0vemJtemR6UlBJZzE0eUJvM1FRbDFQNUMwUVN0S0RxWTd4YjIraE1Dc0VHcEMyNHFmMmtmcnVZaDV1WU5ISTB4MGlqdm9sbi9rNmQwVmxZdjV4M2NWaWpNTlRVMkhlMkRJVWFiMEZDeGxWMkdrY0dRRHA4cTVuVytuanY5TU5xaXVMT1VBU0NSelArWDJ6cUFJWHpKY0NDQkZ6V3dNUEhEZnpBL0FKblBSUUU2Q3pxajNESGNkbzdrQ1pLRjJ6Z21sbkprVW5JaThCajVCbEpGbTRrSFQ0WjVHcUM2Rnp4S2xsYkx5MmVhYURaSGthWGtmVVRPTDk1cUdCeXZVPXw5MTU2MzRkOWZjMzY4ODUyMjIyYWU2ZmQ5YTBjMzdmNWE2M2FkODNkMTdlMDIwOTEzOGI3ZmFiZWQxMDhmNTcwMDVkYzBkYTk2OWY1NzNkZjZhZWZlZmY2ZDJlNWZjNzNmZTRlNWFhNDdjMWZmYzRhMzk5ZTZmYzIxOTY5ZTk4ODU5Yzk4MmQxOTY3MjJmY2QxZmI4YWI4ZDg2MzU5YjNmNDQ0OWQ4ZTRmMmQ1ZWQ1MmFmNDRiZGUzNWZkZGY0NTUyYmQ0MmMyZDYyNjQ2MDE4MWVhMmJhZWQxMjNlZTc0ZWIwZWNkNGJkNDZjOTJiNTUzZjkyYzNlMGNhZjQxOGM2YzBmZjc3OGI0ZTE0MmU5NjZkZmNkYzIxY2Y2MWY1MGY3MmUzYzk1MjA4ODdkYTFjZDQ2Yzk5ZWU5Y2U2MzAwNTZhZDY0ZTZhNjQyMjExMzM1MzhkZWM1NDcwY2Y2OWYwMGE5NzRkYWNmMDMyNjIzYzlmMzE0M2NlYTEyOTY3ZWQ3ZDM1ZWMyNDMwZWRmYWY1ODM4ZjExMzlmOWM3ZTcyYjU5NWE5MjVmNWJkMWY0MDUxNjIwNTk5NjcwYzRhMzc2MzA0MjEwNDRiNjRiNzZjOWQzNGM2ODI4YmVkMDEzZGM5ODg3Y2M5MmEzYmQyNjM0NjQ0YjQwNmM1OThlZmY2NXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com&t=jsonp&c=cstaiqnfzsxpapr_&eu=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F
23.36.79.34200 OK 90 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBSSnhaMURETVpXUVY3OGkrMEUvMXdCdHg5cC9WVkgwL3cwU3dNcndobm0vemJtemR6UlBJZzE0eUJvM1FRbDFQNUMwUVN0S0RxWTd4YjIraE1Dc0VHcEMyNHFmMmtmcnVZaDV1WU5ISTB4MGlqdm9sbi9rNmQwVmxZdjV4M2NWaWpNTlRVMkhlMkRJVWFiMEZDeGxWMkdrY0dRRHA4cTVuVytuanY5TU5xaXVMT1VBU0NSelArWDJ6cUFJWHpKY0NDQkZ6V3dNUEhEZnpBL0FKblBSUUU2Q3pxajNESGNkbzdrQ1pLRjJ6Z21sbkprVW5JaThCajVCbEpGbTRrSFQ0WjVHcUM2Rnp4S2xsYkx5MmVhYURaSGthWGtmVVRPTDk1cUdCeXZVPXw5MTU2MzRkOWZjMzY4ODUyMjIyYWU2ZmQ5YTBjMzdmNWE2M2FkODNkMTdlMDIwOTEzOGI3ZmFiZWQxMDhmNTcwMDVkYzBkYTk2OWY1NzNkZjZhZWZlZmY2ZDJlNWZjNzNmZTRlNWFhNDdjMWZmYzRhMzk5ZTZmYzIxOTY5ZTk4ODU5Yzk4MmQxOTY3MjJmY2QxZmI4YWI4ZDg2MzU5YjNmNDQ0OWQ4ZTRmMmQ1ZWQ1MmFmNDRiZGUzNWZkZGY0NTUyYmQ0MmMyZDYyNjQ2MDE4MWVhMmJhZWQxMjNlZTc0ZWIwZWNkNGJkNDZjOTJiNTUzZjkyYzNlMGNhZjQxOGM2YzBmZjc3OGI0ZTE0MmU5NjZkZmNkYzIxY2Y2MWY1MGY3MmUzYzk1MjA4ODdkYTFjZDQ2Yzk5ZWU5Y2U2MzAwNTZhZDY0ZTZhNjQyMjExMzM1MzhkZWM1NDcwY2Y2OWYwMGE5NzRkYWNmMDMyNjIzYzlmMzE0M2NlYTEyOTY3ZWQ3ZDM1ZWMyNDMwZWRmYWY1ODM4ZjExMzlmOWM3ZTcyYjU5NWE5MjVmNWJkMWY0MDUxNjIwNTk5NjcwYzRhMzc2MzA0MjEwNDRiNjRiNzZjOWQzNGM2ODI4YmVkMDEzZGM5ODg3Y2M5MmEzYmQyNjM0NjQ0YjQwNmM1OThlZmY2NXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com&t=jsonp&c=cstaiqnfzsxpapr_&eu=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 9e5f6176e2391e0a01202185d82a0c7d
995eee42dbe3de0c4ccbf657b17765d366a70bbc
53d83853b0eb9411f446a178376842e110e4e06c6782c555f0e6b40c37735732
GET /AIDO/vyHb?d=ZW5jZEBSSnhaMURETVpXUVY3OGkrMEUvMXdCdHg5cC9WVkgwL3cwU3dNcndobm0vemJtemR6UlBJZzE0eUJvM1FRbDFQNUMwUVN0S0RxWTd4YjIraE1Dc0VHcEMyNHFmMmtmcnVZaDV1WU5ISTB4MGlqdm9sbi9rNmQwVmxZdjV4M2NWaWpNTlRVMkhlMkRJVWFiMEZDeGxWMkdrY0dRRHA4cTVuVytuanY5TU5xaXVMT1VBU0NSelArWDJ6cUFJWHpKY0NDQkZ6V3dNUEhEZnpBL0FKblBSUUU2Q3pxajNESGNkbzdrQ1pLRjJ6Z21sbkprVW5JaThCajVCbEpGbTRrSFQ0WjVHcUM2Rnp4S2xsYkx5MmVhYURaSGthWGtmVVRPTDk1cUdCeXZVPXw5MTU2MzRkOWZjMzY4ODUyMjIyYWU2ZmQ5YTBjMzdmNWE2M2FkODNkMTdlMDIwOTEzOGI3ZmFiZWQxMDhmNTcwMDVkYzBkYTk2OWY1NzNkZjZhZWZlZmY2ZDJlNWZjNzNmZTRlNWFhNDdjMWZmYzRhMzk5ZTZmYzIxOTY5ZTk4ODU5Yzk4MmQxOTY3MjJmY2QxZmI4YWI4ZDg2MzU5YjNmNDQ0OWQ4ZTRmMmQ1ZWQ1MmFmNDRiZGUzNWZkZGY0NTUyYmQ0MmMyZDYyNjQ2MDE4MWVhMmJhZWQxMjNlZTc0ZWIwZWNkNGJkNDZjOTJiNTUzZjkyYzNlMGNhZjQxOGM2YzBmZjc3OGI0ZTE0MmU5NjZkZmNkYzIxY2Y2MWY1MGY3MmUzYzk1MjA4ODdkYTFjZDQ2Yzk5ZWU5Y2U2MzAwNTZhZDY0ZTZhNjQyMjExMzM1MzhkZWM1NDcwY2Y2OWYwMGE5NzRkYWNmMDMyNjIzYzlmMzE0M2NlYTEyOTY3ZWQ3ZDM1ZWMyNDMwZWRmYWY1ODM4ZjExMzlmOWM3ZTcyYjU5NWE5MjVmNWJkMWY0MDUxNjIwNTk5NjcwYzRhMzc2MzA0MjEwNDRiNjRiNzZjOWQzNGM2ODI4YmVkMDEzZGM5ODg3Y2M5MmEzYmQyNjM0NjQ0YjQwNmM1OThlZmY2NXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com&t=jsonp&c=cstaiqnfzsxpapr_&eu=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=jrwBA9bXrQ9ReWZY0nh%2fxojKcfvbPji%2fINHbgjO34d1zsihZ4R5ZjzAFs5qJa+vs; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
_abck=F23982A2289F73BD44B454AA088337C2~-1~YAAQHk8kF76jKW2IAQAAD8B+eQlYUQFglwV9jcz0LuWF2Q2qqDHw0mm9si5D/YI8n8MDOChkjXAu10YbxwHw0UWf8CiLeLJdBIrOmSZ/xecwIFCXMOR1Tc0FWMPbGX0sEsw+qd1fN9sMlz9hzZYfwz+RO9TPr/mPL0CHSb29QGkx6ZAFa94krwRGBX/PYnHfKBi/vsxCw8JQmMlouwMWiJeAwI/pN8TN0iq7gpqBAIqDKl/G5O+JnUxelSxqFAqRtZM5hpTUVITn6wmhKr6P3rK5u3ijo2k5KHMmtGJbm3hMt0OgO+rMGbq5ej1Cw1+DYINYgrnOV4j3hOapgqoL3u6rZhyxbYCvI10XONV3bCyFuMnJBdOk9qPhG+r/0qS0~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:29 GMT; Max-Age=31536000; Secure
bm_sz=E093A4646EA445E6DF4A2B6F81A7364D~YAAQHk8kF7+jKW2IAQAAD8B+eRPi0g6lrisxSWZ2ceak4Ti/ny703lgBKkthcXpVz13g8y3bV3svxt3xw8LFbQ2IP79p8AqZa65nPAEoagGUtiThPnQaes7SudOJ8gYemilCrdxGLepVwHp4j1Jj0KoKQGrKFNu8AgkvHCNp+F/COZQeAGfmmHHaI31G5AG7Pl7PwXYk9ztjPdm2iYqDXYBDXseJqYF6CT+xdhb2c2snQ4JRFJivd4qwflcneHu2CmGPiKYZF3Jwhz2KBGsCn35m73iTV71zsXtgujaVM5G5bzOqefiw~4273459~3359029; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:29 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528524&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528524&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--w549329d48d6c.wsipv6.com%2F&cb=1685665528524&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:60cdd62a-936a-4e08-8af6-3893891de7f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:165; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:29 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 00:25:29 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=R7bs6XlG8wMHCH2ISNnAL4XygCnWNuAoE1sHy123siMklO4+Sb9VgoR6XfBwFy3+; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936f9_kf173_12550-5954
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.3645495232264151
23.36.79.24200 OK 137 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.3645495232264151
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136675 bytes)
Hash 55dde79b841228547f0e4a5918d8d74f
19d17cd98ddfc28c373009ab14e1d68c8bbe25cd
ebab1241b6fafeffdc745e3b0fad7ba6e864fce72c66e6bc36c1b1058ff064b3
GET /AIDO/mint.js?dt=login&r=0.3645495232264151 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136675
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 00:25:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=qnRrS0L2gNkqCkeAUmVUGpcJoq3KoLMt+8I7gyhvgVtFeTL8H4zI20cMMiND8vsX; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 7b53756d5da31ae42d57f9024a7e6298
1c9ee8329f0f4fbc456db98dd2d2178115aa18ed
b556d7e1b220072a101bb61babf61952b13ea6e5b3313b05eace21e663e7d633
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2046
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; _gcl_au=1.1.1790592339.1685665529; ISD_WCM_COOKIE=!JE3bAJSnS6oiwgYMntjHYqEj2JIOPEiapxL2GcOixmlunZGkgBz5zfcLrfHMAwLj3NyCIkbZkuRwD80=; _ga=GA1.2.1130712454.1685665529; _gid=GA1.2.1728868986.1685665529; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:f20079e8-aebe-4d9e-b78a-2d77152a6851|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:54; LSESSIONID=eyJpIjoibFdGQUg1TVVZczZ4YnFvVFdrMGxCZz09IiwiZSI6ImtQUGFjMERNTVlvQXBrM0lrRnI4WkhZZjdmcmRFaEU4ZGVzOVVESWpBalRLUFJaV1pJc1FrUDU5U1J5UGlNMFJSQThQZWRCMUZUS1FMbkQ3S3hNUHdqR3owZEI0c3hnbCs0Y2dURFI3VkE3ZFVYOEFtWXhzT3RFR1dLZlV5cndqN3hWMXVSeWJcL3FERGRGWG0zWFVUc3c9PSJ9.fd851f41df3d7642.YjBhM2NlYTM1ODEyMjI0OWYyMzliODM2MzJmNGI0MjhiMmVhZmUzNjhjNGE0ZDA0NmYxOWNhMGVkMTBjYmQ0Yg%3D%3D; ndsid=ndsanai61bfv6wjlidtqer1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RHIShO2THhuPYGT50fdZ3kdTmH5McsB5ek6Pu6ubxur%2f6YLh+upKfo2y2VuYSi0u; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:30 GMT;Httponly; Secure
_abck=7236B231C14A6946ECDD5DB4177BF661~-1~YAAQjtAXAvzUdW2IAQAAkMN+eQnrTT300OBrAx5ikk60R2b2YxiJ7L5BHgu3+AuaD2s9u9qAFzRD4Yoh5HCTGFS42VClejWyuL8Aifiv2FD+du2z4lQGdnIgFztWmiKkuwed8lW7AK4ap+LQVAEvIVlAzjtJi0K1aQyNvynByChBaaJp4PU6jy97GymCgsuamRAoruMhyJzKeCitLsm9ddaA3pmIguhic+W1KyzrsVn+bddDyKGwYgYXOkhJIrqDWOrU86Xv+0exhmzsXQmYFDVif9U0InK8pkh9F6w8hyQD+XtjL4P6EMAcQqw87Z+MhBB/kXDyhVUrLqCxhF1oIHoG1wMvD1l5LRnsmOAK/cxSzPF0glldcyfxSWVYNVEc~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:30 GMT; Max-Age=31536000; Secure
bm_sz=610548996845460A0F73AC7A9A43EB50~YAAQjtAXAv3UdW2IAQAAkMN+eRMsfM7vqiUmUgD2El8TbG0bKIg2AFeTfGcL6yA94040d1sP9bHK9vnbEfVn10ZRQIAC4R8Xk9lSoF9P+JerTiBHBwnW8yliz8ApyvAC6MqkZFlcW0g8JZ2ybIjTBqj1oY4DOi8Wr3RASQTBAd4XwPlJyjHg8+EDqVNqwbK18WfWsYaJy2tqQc+AXQWXGlmbxPdRseB72W3aaD3+mw+9hoUmfqdcT+sAeGhhp9HpSW4UZ7xuqPGwUCy0UYjF7EWxKnsE13koNrPmMgLamH70sRXW4FL0~3485749~3486532; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:30 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936fa_kf173_12550-5967
www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.132.220200 OK 265 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 3f2302179b8edf00747e41553e19fad3
13027bfdeecee5efb221cf45fb5df43780ac8dc4
1464bc035f2f0c34b7ac679bcc70b39fbc5b095f396fa6f8d5048dea7271b199
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 852
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%22%2C%22diA%22%3A%22Afo2eWQAAAAA0oMji0ih3fQAjDMG%2B1Gw%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; _gcl_au=1.1.1790592339.1685665529; ISD_WCM_COOKIE=!JE3bAJSnS6oiwgYMntjHYqEj2JIOPEiapxL2GcOixmlunZGkgBz5zfcLrfHMAwLj3NyCIkbZkuRwD80=; _ga=GA1.2.1130712454.1685665529; _gid=GA1.2.1728868986.1685665529; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:f20079e8-aebe-4d9e-b78a-2d77152a6851|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:54; LSESSIONID=eyJpIjoibFdGQUg1TVVZczZ4YnFvVFdrMGxCZz09IiwiZSI6ImtQUGFjMERNTVlvQXBrM0lrRnI4WkhZZjdmcmRFaEU4ZGVzOVVESWpBalRLUFJaV1pJc1FrUDU5U1J5UGlNMFJSQThQZWRCMUZUS1FMbkQ3S3hNUHdqR3owZEI0c3hnbCs0Y2dURFI3VkE3ZFVYOEFtWXhzT3RFR1dLZlV5cndqN3hWMXVSeWJcL3FERGRGWG0zWFVUc3c9PSJ9.fd851f41df3d7642.YjBhM2NlYTM1ODEyMjI0OWYyMzliODM2MzJmNGI0MjhiMmVhZmUzNjhjNGE0ZDA0NmYxOWNhMGVkMTBjYmQ0Yg%3D%3D; ndsid=ndsanai61bfv6wjlidtqer1; _imp_di_pc_=Afo2eWQAAAAA0oMji0ih3fQAjDMG%2B1Gw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:31 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xSfOY+eIxAAWdieGowbk40AoYah0Yv0OmP8diQV3YtVBTKwgjH+LjQEA7MnE3Vuf; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:31 GMT;Httponly; Secure
_abck=9B68FFF8DBA6CB8E197A2E82C298EFF8~-1~YAAQjtAXAhLVdW2IAQAAPcZ+eQkBdaZlgk+sR491zuc6q7dGyKIfo/uy9FgVY3fbnNiG4fPPnQ/QhlX+XQ6ZkZPN8yj3mIH+XSVrxW2JUfZm7pmcWv5tBVs+ahisrIqyAMIpmdkLUiBwDrmiif/Nl0hsWZ9OKIDtE3N6CQsnjVhJleaHBpWPNblY8dTy1QlVIYm7y4RFa1dvL/A+Sr5RRiD5frSwDn3zwJQlfZtfDGAID/hTFo3XGQ7fk4txVBiSh2f/qrIklGCOKkNnNGo/ASt4nIlKsbg0HXtRDbu2DoWBA7SORyFxhVgsgUaOcaWDvJqDadhHzxYWUiseoexqpug7FLk8uc2jEC+QQdd5+6PREz2x72kIq8Hl3myJHh/k~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:31 GMT; Max-Age=31536000; Secure
bm_sz=313B4AF3FC58E0B2C61D6CFD47351D5E~YAAQjtAXAhPVdW2IAQAAPcZ+eRMdGRt1yBjHTU1esd4BwdZIu9AIW8o9bSRkXO8RfkwBT8X5MhNjn7Ndye4mAJuUCXASZUkTv6ZKr1jeR8PuoSXwNQGm8gYWrRQ81WeuLv6IHHuk2OzBWujUKNmER6UXA7KIj5SIwmmwYEJUb/1oEMRciiKKp6ABHac/LsiHmLCMJBV6oKf63JJt0DPm5VLFCHeeeh0q9ws6voF1FqT5VPa843pWIvVZsZU/ErqWNB9EgvcOhcMedOq4nJpsXgBGvl9ev1hGcX7EVohheTTIdwJ/YjNT~3553586~3621942; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:31 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647936fb_kf173_12550-5971
www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.132.220200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--w549329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--w549329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!EuPm55hBtzaZoeCs0q/LsATxthJGHjBdgM4E3MhWtikhYTXT5+UR9MIh2YRAbuZppItqAePiN7pXZ+E=; utag_main=v_id:0188797eb38900000009374e858b05046003700900918$_sn:1$_se:2$_ss:0$_st:1685667328238$ses_id:1685665526666%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQwFKPpNtxbF8CmqlmHPp94jfYbc6CyA3kQ8tQDl3d8%3D%22%2C%22c%22%3A%22clI4V215eXExUFRrZGVGcQ%3D%3DWEX62JPHbIgQfYVmDFjg3r7BBLo5NHcJM7B3ocJSVL1EXpPkPnzR7-_icIdlJZVWz30KBc-0o6RY3UahsvSdHeq5_BUrL2cqyMw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtqTKVy%2FyrPfiTagX0KmX7%2B%22%2C%22diA%22%3A%22Afo2eWQAAAAA0oMji0ih3fQAjDMG%2B1Gw%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22DxKJTxDJaCppQ3zKMp9xIA%3D%3DDky8Eudjn4LSOfTuo4FbsISQ8mgZ90MWIG2edWanWTmGMaWLe3rS52qy5fi0PWbt-1XMjXTJjc-wCQ2hJeHRVEKvBKHaiOqhWbV7nABJwI2sqKXoNFtQ4srhNnat5bZoicDNIXkotpJG35zKjfWsqg3nbc5_XDuaLQmjuHilQHnb--AH9jE0EAqr%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAveY7xyi1n4M%2FE8%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C57803541130796398560653695532567926031%7CMCOPTOUT-1685672728s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; _gcl_au=1.1.1790592339.1685665529; ISD_WCM_COOKIE=!JE3bAJSnS6oiwgYMntjHYqEj2JIOPEiapxL2GcOixmlunZGkgBz5zfcLrfHMAwLj3NyCIkbZkuRwD80=; _ga=GA1.2.1130712454.1685665529; _gid=GA1.2.1728868986.1685665529; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:f20079e8-aebe-4d9e-b78a-2d77152a6851|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:54; LSESSIONID=eyJpIjoibFdGQUg1TVVZczZ4YnFvVFdrMGxCZz09IiwiZSI6ImtQUGFjMERNTVlvQXBrM0lrRnI4WkhZZjdmcmRFaEU4ZGVzOVVESWpBalRLUFJaV1pJc1FrUDU5U1J5UGlNMFJSQThQZWRCMUZUS1FMbkQ3S3hNUHdqR3owZEI0c3hnbCs0Y2dURFI3VkE3ZFVYOEFtWXhzT3RFR1dLZlV5cndqN3hWMXVSeWJcL3FERGRGWG0zWFVUc3c9PSJ9.fd851f41df3d7642.YjBhM2NlYTM1ODEyMjI0OWYyMzliODM2MzJmNGI0MjhiMmVhZmUzNjhjNGE0ZDA0NmYxOWNhMGVkMTBjYmQ0Yg%3D%3D; ndsid=ndsanai61bfv6wjlidtqer1; _imp_di_pc_=Afo2eWQAAAAA0oMji0ih3fQAjDMG%2B1Gw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:25:38 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YMp8Fq7vdHQYnEZS6fSecybn7%2fWLgIAp4xgsYfJ7R+MJ3QoexW+YaswaPa9TeNZ6; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:38 GMT;Httponly; Secure
_abck=03E4647BE982C0FBCD25B635C260192C~-1~YAAQjtAXAk/WdW2IAQAAHuF+eQlF2729X0vrqJ6pT6syOTJO+l1/xBdIpR+O80rnfZIBWVga6K4UsDeSaNXdpRWs1k30AFOa56Ba7N7p0cTISPHh+islvqUtIC+4opwDYUargcnhb4PVD/gqEeLdif7+FtSwAPSjg2urn5R7fXY3CAyXo3HZfo9DQmMAU+KAWuYUohkhT1/oWWnjBA3dfdFGhSu7gSYbUYxfGRkQSXPrV+A4dYElNVaHHDC5hMcErMzY9on04UMsp0/26ySpKkwYISVLc8TLXVOuk+bqyne5WhD1G4sxcB1H6E3q2D8wryJEVYRSf6NWnGFs2tX90ZAShkltzz7EPB/ofty0yqUpkE77cAAOZhFFDCS32L9u~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 00:25:38 GMT; Max-Age=31536000; Secure
bm_sz=191543A44CBBD67AB4177014824E5C5F~YAAQjtAXAlDWdW2IAQAAHuF+eRNs3LQRaInQzU5hXUSa1mmRqrCRbb1I7HgIjgsn5+vjF5TEaRcqcMYhsNGaqpJbAHkAw/xJPNl1ea7PCZOV3a0Rg0pr/c+WY/T6dOgAJO2xAeQy7mm/ipT3dB3h85MK80lKAwiaycPsLwZwpbak+kPtKDMLkDnGbkY91/0l3djqENB82Ax50upFAmd91V5Eyj194H9kviqsjd/G4ciHnHiaUS1WgNIkBKNyMztvO8MJPDvdlXal0YYg6ynTf2L+YYwlYcdXVPgGdT42r9/vLjB7LaWP~4404279~4272945; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 04:25:38 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64793702_kf173_12550-6038
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
44.239.233.219200 OK 165 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 44.239.233.219:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash 681c650c18ec1fa0543781551afd5d5d
3a7959ffe3ac721b2c068607b21d28651e0b65f3
f1d05d2dabfa526b96a5e869729cc954d87cd6f1379285cc7497f4f70ad372ea
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 629
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:25:35 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:e9ceb557-da08-4e99-b69f-83cb0d4d0b2c; Path=/; Expires=Fri, 02-Jun-2023 00:26:05 GMT; Max-Age=30
ADRUM_BTa=R:55|g:e9ceb557-da08-4e99-b69f-83cb0d4d0b2c|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 00:26:05 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 00:26:05 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 00:26:05 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:15; Path=/; Expires=Fri, 02-Jun-2023 00:26:05 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=3&cfg=32a3f9ce&pv=2&aid=
23.36.79.33 165 B URL POST rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=3&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.33:0
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- troff or preprocessor input, ASCII text, with no line terminators, ASCII text, with no line terminators
Hash 5dbeb1bd64530326d45ee1e81b5efcc9
3b8b9ee78d087fe9deb7456c6f8f956feabbe7a5
0548c5c3327ea688fd11726ac202367c317ca120e43f248ab69314fd08a13867
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50643
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 165
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:25:39 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!P+7kCWuFmcoRQWjpnNE5eVRfS7HzY2un2sGgZwIPfqZriX+jzoMMuRXLqcQnRUwsDTB0cTwfeBZqaw==; path=/; Httponly; Secure
DCID=d37g4j1dXCjah7XRfp6jLLuD6bHutp7zIx6GpKob36Jev4Hj7QvpPr0ZElzq5ubW; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 445 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (332)
Hash d39546249a86d29697ea6b389afd84f2
244ce5f2d9a3e80da843e527f35cae0b9d9e20be
ba339c9812783530a739e05b9bc0ec254d9c22eb13779e8e5be5860a192f8c80
GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-72-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: 17805
rule-data-version: 1
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-07-20-17-01-41.chain; p384ecdsa=1CJLbwbK3omzhlUoMPtLimx21pIouyEezPt4G-mTYtsNUg07Gs6UW05ZzZzqDyKl0BMrVux4-zzS1_kXNGoyfNj5qRwPHVidEFwF3QTgSarmxjGNNJv3IAWVPna_NgyB
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Fri, 02 Jun 2023 00:20:43 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 445
age: 300
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.32200 OK 117 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Size 117 kB (117306 bytes)
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 00:25:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=W1uhYVzFCQrXqhxPszmJ2Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
23.36.79.24200 OK 522 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Size 522 kB (522325 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 00:25:28 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=gF+6xMXMTpzO33TNbbxmmFZd%2fVRQKbfcGzK1bcBPwdNQLg%2fQMZpOR1zN9Dbht1Rt; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
44.239.233.219200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 44.239.233.219:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:25:29 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=2&cfg=32a3f9ce&pv=2&aid=
23.36.79.33200 OK 191 B URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=2&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.33:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash f7e7dd1bc2f7e9e394a5a05e4a828c8b
84ecc1c971e09830f5d7796425ad8e0bf6b86699
f7123974409f4d7fcc55e65f474ad761255e7178dd4ebb0da38d6cf6957da655
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0&_cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c&pid=25908bd4-e761-47a4-858b-11b10e4bd254&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34131
Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=dcdee904-70e0-4031-90e1-9de90ba78cd3:0; _cls_v=821f0409-01e9-4679-b7fd-e4b1487fad0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 165
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 00:25:39 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!CvTdQJT93ed/gIPpnNE5eVRfS7HzYys572UPru/mbrv0QCIAJ7GloKJNveOG/H+MFN5ERZ9IxjV/ig==; path=/; Httponly; Secure
DCID=Mp%2f6VzcnYwToPkuNpZRjW4ynrM0ELAQrABAU9lwy99OdAOF7JSrYMO42frTPMEYu; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 00:40:39 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
44.239.233.219200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 44.239.233.219:443
Requested by https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--w549329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:25:29 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2