www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
163.171.132.220200 OK 19 kB URL User Request GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 1e0b8853a34e7a546849c07fb21f6410
e7c6cfc49f3d4a59ca5e88d40c58aaca4e8de909
9e924aa47d328aad1508ab0c774a2a1c8451a282491a7b71db7f5336b31599e7
Analyzer Verdict Alert openphish Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:45 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18836
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-7dfe9626-5fdc-4d18-bb5f-c958916f101f' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18774 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5; Expires=Mon, 05 Jun 2023 13:09:15 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:15 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:15 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Mon, 05 Jun 2023 13:09:15 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:80; Expires=Mon, 05 Jun 2023 13:09:15 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230605060845108066856; domain=.wellsfargo.com; path=/; expires=2 Jun 2033 13:08:45 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; path=/; Httponly; Secure
DCID=fbw9mLnwCgbAIxgp2c79CJoK%2fTj0P39mjKH7jsccYA%2f%2frseSCfoAs8fkT7yuu7fH; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:45 GMT;Httponly; Secure
_abck=CA664E7D7A67CE69961DEF9BA8E4F9CF~-1~YAAQjtAXAoER7oqIAQAANpysiwr6m0iQlXjIK1kLDq/L5QYA5BcVUUQkZxnE/gwJjYx3O7YqkgmCCnX9ec6Xuko2r9k6NPxnOBrnxbm/z0s2ftLaleH65w6L5usRZWSCIwElDuhZqPQ6VrBTBJgPihDYPEFKOLcZMnPITSiNLIgYCdkaaxPsa9SsRjegSaLTLH/hvJK641bj/Ip1HezuifxxaNOlGXqF+qBepIPqab4mhoRer1rrALnERK4HolmrZ3C//5LDY9jpVO0cz74rAe7mWByecbAp3yjj8qd1+oUKFtOvakHToh0XxGIqM2HYhA6jg/VJaUaPea1r5lY9zFJUV3m3lz4iRQ/OZynqet8RJXFUmUPQ4dreHBPcZa5M~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:45 GMT; Max-Age=31536000; Secure
bm_sz=4C6067C43746960EBBAC82D8E2F3133D~YAAQjtAXAoIR7oqIAQAANpysixTt2H56wpbH/QVCr41FQa8+o6LjCuC+5ET8gLObg4OLe1RjLswRgR3TPyzYTc2S+XmnCXgAPrEWi1uDdRX34meYApJJYU8Vk2u5NZT37lFhLA1QoRhcJ+eGdhg4EQ65mP8uD0BSvVEgLa7RwmAxo3PNiw8UsLDzvyzUv9CYvU2XBZVodlV5nDLvgbdrsUVIdtJ13iFc+j1o8e6fDSr5qqUbV9drl4Gmrh4ZNLq5voX4IvrZhXIn8aQXIuocEBbrZZqlDs9k7g7pKzDCERXoSRvR4Jub~3683382~4276804; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:44 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5c_kf173_12351-40789
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.26200 OK 901 B URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Mon, 05 Jun 2023 13:08:45 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GE%2f6gdwrgHdXNMJCxw3eMA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=908373
expires: Fri, 16 Jun 2023 01:28:18 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=908395
expires: Fri, 16 Jun 2023 01:28:40 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 26 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=908582
expires: Fri, 16 Jun 2023 01:31:47 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Mon, 05 Jun 2023 13:08:45 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=QDlOAqgNBLT5BuLsUb6ZgA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220200 OK 24 kB URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:45 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Mon, 05 Jun 2023 03:05:14 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12520-21782
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220200 OK 58 kB URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:45 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Mon, 05 Jun 2023 03:05:15 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12394-10988
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:45 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Mon, 05 Jun 2023 03:05:15 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12358-33369
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220200 OK 4.3 kB URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (9269)
Hash 0491d70bc8b2fd12a67528c268b02170
3e5192203331adddaf4956f6efc0940ee42ee217
ecef2b25012d29f39a46215106dafd6ea22c27c51d0616ddca5b88881f673bc8
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:45 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4280
Connection: keep-alive
Content-Encoding: gzip
Expires: Mon, 05 Jun 2023 13:08:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A7ydrIuIAQAANkxwSfNzwiyy5CPZQ4hZBk6xjehIHJzAM99jQ63HIJxNksF-AaOrhK-cuNk0wH8AADQwAAAAAA|1|0|a449b864e25ddfff911e9a7cbea17b657d571eff; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=its0Gz2UcsPqHUpGOvnbNAkxivaaW6d3xSt0qOi7iEneyIJl1+Xc8z7dHGPWVK+D; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:45 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12351-40808
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
163.171.132.220201 Created 76 kB URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash 0d61b4e4742d5251c44efcd5d8166a2c
04189d5a539c1cc84fee87994097919000f3434b
c394010c09ddb06f644c54c2cc3d1c8003f44f5668b7eb1e39f38e051ab7a5c6
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:45 GMT
Content-Type: application/javascript
Content-Length: 76203
Connection: keep-alive
Stored-Attribute-Sha-Checksum: c394010c09ddb06f644c54c2cc3d1c8003f44f5668b7eb1e39f38e051ab7a5c6
Last-Modified: Wed, 26 Apr 2023 15:12:26 GMT
ETag: "5b60948dc39561fee36fa77d7eef5047a16cbdb8b05e43f4f2fbc918f19cea08"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=kpP9R1HSFUCzrvmgWxtJHA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=70563C1AE098E6C709246946AA34EB0B~-1~YAAQjtAXAqUR7oqIAQAA652siwrk1dAJ+Y+Z9SsIL1rX5p0/jXK19e7fciyNraYBw1jd0DkIkS3q2sxhf7aY0KNE0p3TSUvgCrxnHZdoii5e7HqW5lwOhDbe7Xcaen284Vi2rqN+kPottJL1pSypoCPI83RAeBaMWgJU95Ab8iYo3AhjHyGSzxmzWYqHecmImDBPre2Q0y2s+1Ej++QRUU21C3BW3TRvEzUYiK1USFXdaRrfjggumAyECmnY3pWIpO2gw28SwA5AXsUu2o5wQ9cE6BjxD9nsFlli+Rrula3fTvRQl/V6bPP7YMpKac9SJTqMXCXWZQHGE8d8fSFaD+l0ffJ+parVV99z/LQHF1r9pi/fLihgevA0nmzHYIzl~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:45 GMT; Max-Age=31536000; Secure
bm_sz=79AD40C559F430B03BB0F07369F6662C~YAAQjtAXAqYR7oqIAQAA652sixQfTeFwsHWlb0lIipOad3JRie/F6QMI8FWbVNVwr2TguXAbmv32ifo7aZZl8FOJzoRcx9dAc/bP2W4SwyxblnD9VRBHUe+qOn9CdBPHxex0Awo+aMcApePvy52O8KBKmMQHDx32889U2BYfdwWY5WXvUdlJNd/xXUjCY/F2v10roVyhCSgKktgWFM7I+9nxQuQCMckjnZqd6YRikucoKtlAy7uFxv9+HZIF4B/TapTuk9e2Ki8chuvlnc3vTApmoZQ5bO9A9LNyynY7R01ZViVQEW3w~3490625~4404024; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:45 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12381-15760
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=15517002
expires: Sat, 02 Dec 2023 03:25:27 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=15520884
expires: Sat, 02 Dec 2023 04:30:09 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=15413172
expires: Thu, 30 Nov 2023 22:34:57 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=15521766
expires: Sat, 02 Dec 2023 04:44:51 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=15413176
expires: Thu, 30 Nov 2023 22:35:01 GMT
date: Mon, 05 Jun 2023 13:08:45 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2873
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Mon, 05 Jun 2023 13:08:46 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=krMFMYnRCDV0vIDu9%2fbknQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=krMFMYnRCDV0vIDu9%2fbknQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=9BDB686D4EF35186CE2C9065973EB1E5~-1~YAAQjtAXAr8R7oqIAQAAbZ+siwrxsKv22jaGfJFgSlg1+lnqwYwziT/KyScjTgO1JeF6n3ilP3dtXOLaTnOIzlhvONgXcs2d4MTVneAVNwbb+pMN97aowLReen8ZdSy1cR0IPkkroHWvLea+tp3ERzLTYErMMS9vXo/9Z10M5LojC6OvYjPrGLUzzpCT00Coot38IW6WthobgFDUSBVHk5pCo6xobdOhMmwazcU9BomsDDKnZO5XLIQrs98arPdQbQZDD0q8hRUzsMAZQiuxxW5DQfJfiNVD2DSttVLbrC6OOB8qFwIwzFtKYJxH0uNgnJkJX2PCL3iiG+vhV4FyYNefSU3AY9/HhBUdYh8hUOIelJOkl1VUI8LkVJsm1EDm~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:46 GMT; Max-Age=31536000; Secure
bm_sz=D7541492E830B2ADE483B7F0F3CA9721~YAAQjtAXAsAR7oqIAQAAbZ+sixSrTgz9aQ7mI96kA0hHY2Kv1mL7cWXrQUwcyjoRbawTZ8vJQpsvjFyFzKZ7XJVvscF7oLdAMoHllLyMr+mEo4c/QvbYqS6TaLyOGRjF4tQUXvHxliEDDe+EXhkrq0OU/SA7pL/IvWSTgsE+qgjLi/ToJ1YzopOcJTknv7obVZn5nEhrEs3MXCRPQHrk43Ets5qz5ZLCfUrJBVKRTzcXScHQ8MfHWv2IHmAR2hGUkVKjW2tW3D7Ghdv+sKAkRydc8aHyqgnIN7Z6prxnxAAES2tgVN8t~3622450~4337734; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:46 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5e_kf173_12358-33378
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32200 OK 55 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (14989)
Hash 9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Mon, 05 Jun 2023 13:08:46 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ZsCmDmXMShjSnKo5KLqqbw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICYpIuIAQAAKKMVEvsn_feek2e2phGry2-Fqmt8nMBO6Rs2QNR1U74ATZUE&X-G2Q3kxs3--z=q
163.171.132.220200 OK 149 kB URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICYpIuIAQAAKKMVEvsn_feek2e2phGry2-Fqmt8nMBO6Rs2QNR1U74ATZUE&X-G2Q3kxs3--z=q
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (148912 bytes)
Hash 99fad96d610eeb5bba891a0afe1c2edb
bcf0be40d356a6268d9eed2a4d2858fb2944ca64
6477a154b9ed6ee7155747b2fe1139f347071150f3364353dcbdcb05d9a3bbe0
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AICYpIuIAQAAKKMVEvsn_feek2e2phGry2-Fqmt8nMBO6Rs2QNR1U74ATZUE&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:46 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Mon, 05 Jun 2023 13:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A_GerIuIAQAAjhs-xG2aXVsAehFYp2crEGK-_HObsKBokGcRDBGnBG88IePAAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|82653d0a1987b09c34bc8f81b3182de68ceff3a0; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=XuMUyo+aN2+NyQ2Tq7hkQABXB5rYk%2fnNp5o%2fiiZK4rPgOpR8pjPVGwzHsnvIPq32; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:45 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12381-15766
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220200 OK 313 kB URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:46 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Mon, 05 Jun 2023 13:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=huIelYvxrZ049Se22k2KehEkpXmy9WEl%2f6zuVI8Oymr4UNX2Cm70bT%2fGM04sByNZ; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:45 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12394-10992
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220200 OK 2.0 kB URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10550), with no line terminators
Hash c7df430e1119ec939c38db826442ac97
954826602bd697d7b8b3dbf2825adc9f4e73b774
efc88a7ddc9af69aea0bfef3170950f79a9de6d9c76733ef1ab26beafd8f73ef
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:46 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2014
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-11ecb5f4-444f-44db-ae8c-33d333ab8d09' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:b5b1981f-f099-47cb-a779-ed5a43a8b7b5|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:80; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0; Expires=Mon, 05 Jun 2023 13:09:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Mon, 05 Jun 2023 13:09:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:183; Expires=Mon, 05 Jun 2023 13:09:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202306050608461875654903; domain=.wellsfargo.com; path=/; expires=2 Jun 2033 13:08:46 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=0A1BDA4ABD69F2093E6FB5ED9160C8F3; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=FsflVagRbPSs3vHS1wUcQUoJgRs5Vzlck9mtaKeDHf6R6jEtsFpKk1PQOELqvrE7; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:45 GMT;Httponly; Secure
_abck=51FA8B1385A20AFFB4B312EF799AC97D~-1~YAAQlNAXAsyeNXeIAQAAl6Csiwr/zLR0KXQSITM9EIzayF+uVSkJhb6lwexsn2jHsArs1FBksPl5NwIU3tLqSd4dgpBYGJ+qbuSOv2UAWsLK6EFk/vaDNSdobeGuv9FXl7A67ysnXP7uNnP/yJ1Gi+wFHqv5COQP0LFDwFmRQ1pPw0Aun1FBVbEHCebbhKSOV+ZhZvVvzynXG2ZbwfCI6cyBmdJpu1G9lDMwrEZ+GqNwYwnLPKpp6Acfoh39m7Eb4J00bv14HfVXSi8Q59FNFNYJ7vo75Xih4X9MregO3vRwvhliAaASjDEG/PRu9GWOEAk2i4jzOLS+nuZx4Ux9HfJsEGAeoM4G15j8brH2I1v7PLv7LMAngkEwnqzjLUEH~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:46 GMT; Max-Age=31536000; Secure
bm_sz=E5B9FFC1FC5D9E5418C69F784BFAAA8C~YAAQlNAXAs2eNXeIAQAAl6CsixQj12eIJ5hevdvcCpdhYe7YZDvpAz38/9xBdf2rM3IOz85/5uA1G8sDmEeZunMKPatOioZV9VKP/y+5MLuCccw3OUc5Au2+snSbP0np0hCS2PbQSzVZ3eYQ9LpkHpYVM7j97i8GVCByX0DnVdjr6kAaJRTO/XW2nvHAnRQaTM6RrzH1jJaI9J8frMZcgD5ItZHSeRIxHDQCy3WhosA1YiEebaXNDGPqx3tD03JqTmT1B9GJpDXOUzQwRCoTxE3TEjmuTH1LePbNwx0F+B/wgRw2wfU9~3490625~4404024; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:45 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5d_kf173_12520-21785
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=54408
expires: Tue, 06 Jun 2023 04:15:34 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78200 OK 964 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=908568
expires: Fri, 16 Jun 2023 01:31:34 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
104.110.27.78200 OK 1.6 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash f4ea54d2de3587734104a7fe6ac34593
abb69048123b667ad90dcba04da4f08a4a4aeeb7
e802f40411f32bc8331100de87c647c70071bbd2e29a44befcd52e48c6020205
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63f63d12-aabe"
last-modified: Thu, 20 Apr 2023 01:43:32 GMT
server: Akamai Image Manager
content-length: 1646
content-type: image/avif
cache-control: private, no-transform, max-age=909369
expires: Fri, 16 Jun 2023 01:44:55 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
104.110.27.78200 OK 25 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash bf978a151ba3f10a7412e8cd5fbdb863
2af8e9c16c4f1e96ba1e86beee63521c802c2cce
ac555d446e447b4c8cf2bf2dd377d53c3b21faf83da3259dc8839c782eba1d9e
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580a-d82f"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 24880
content-type: image/avif
cache-control: private, no-transform, max-age=755935
expires: Wed, 14 Jun 2023 07:07:41 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
104.110.27.78200 OK 39 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 5d115cb30ce945de0d431748aa0b6073
e1af15a87872a93c56598fe21c82c252a7c82345
8f0441ba6cd327f630ce1653262816ae3fb9abf2db73b70c50be3e66c51dfd8f
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505859-e2ce"
last-modified: Thu, 20 Apr 2023 01:30:34 GMT
server: Akamai Image Manager
content-length: 39415
content-type: image/avif
cache-control: private, no-transform, max-age=908517
expires: Fri, 16 Jun 2023 01:30:43 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 965f76605b195f4ccfe05353f99ec406
7cc5b65bebc32a1835e778bf984d202fe472bd30
7bb20bbccd8f33fc25b907e8fcbefb0d73b1a9ae7076f8e688fc633f09690de6
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64501bd4-10f8"
last-modified: Tue, 16 May 2023 13:54:43 GMT
server: Akamai Image Manager
content-length: 1420
content-type: image/avif
cache-control: private, no-transform, max-age=866856
expires: Thu, 15 Jun 2023 13:56:22 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
104.110.27.78200 OK 16 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 093dc61fd7b0036526bf39ae69597887
a27c677f83b0554434422c99b5519ace95ddb23a
f5a1bee943c64e915cc0223d3cc7e402b70794950377eb8ef040c835fad7e156
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4a-ce5a"
last-modified: Thu, 20 Apr 2023 01:31:11 GMT
server: Akamai Image Manager
content-length: 15941
content-type: image/avif
cache-control: private, no-transform, max-age=908408
expires: Fri, 16 Jun 2023 01:28:54 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=908441
expires: Fri, 16 Jun 2023 01:29:27 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=908465
expires: Fri, 16 Jun 2023 01:29:51 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
104.110.27.78200 OK 2.0 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 54e10b9c13d7d34c19657767d4bab80c
e34a8ab8569f015fcc331eb9eea548cffb7466fd
3059d71b7591fed5674007cbfe04627a88397d42cc58f9a107becb0c269d825b
GET /assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c985-8adb"
last-modified: Wed, 17 May 2023 14:04:04 GMT
server: Akamai Image Manager
content-length: 1950
content-type: image/avif
cache-control: private, no-transform, max-age=953920
expires: Fri, 16 Jun 2023 14:07:26 GMT
date: Mon, 05 Jun 2023 13:08:46 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 463 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=908519
expires: Fri, 16 Jun 2023 01:30:46 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 831 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=908707
expires: Fri, 16 Jun 2023 01:33:54 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 405 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=908822
expires: Fri, 16 Jun 2023 01:35:49 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=908535
expires: Fri, 16 Jun 2023 01:31:02 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 962 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=803312
expires: Wed, 14 Jun 2023 20:17:19 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=908397
expires: Fri, 16 Jun 2023 01:28:44 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=908523
expires: Fri, 16 Jun 2023 01:30:50 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=908680
expires: Fri, 16 Jun 2023 01:33:27 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2591
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:1$_ss:1$_st:1685972325729$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Mon, 05 Jun 2023 13:08:47 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DfhraCMH8cXrEJz9buVsqQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=DfhraCMH8cXrEJz9buVsqQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=06668C8D5536F60806A62E9DA2A63BFE~-1~YAAQjtAXAuwR7oqIAQAAp6OsiwqxpK0WS0mW6DHVUNucC9n86T+RTpRIAwve5Q4j7BPGxw8On7kgr+4f6LnO8tKSQzSfTPMmsVIHZbgSsSQ3bXlMXkUIG8A9wqpUA/w2MlwW+ESmI/a1Ijr2L2gGUCi/Pwc6nnQULQLTEw3wYxZcl20ltbPuQpueXHhi1jAQIxlcIG8ulE+KYZMLH5QiiJiV69+n9i91aAcMKe9x1px/w0u+5JBW9+XzTjpgQ+Gsi4SwSP5Mv3Cyydll4WejZ3FbstNXKZ8nkyVkIVndNRkEbKGMWTuIzI2qqSOiiE2ccrQlkr90Gz7pikFkgs9buXUkls0T0SjMrr7E4h/OLzRC9DJ6C+RDbp1UwJRXyU3K~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:47 GMT; Max-Age=31536000; Secure
bm_sz=7B1BF1DB9DC6F44BDB1AA7BDE20CDADC~YAAQjtAXAu0R7oqIAQAAp6OsixSYa8Gn3+BtE6VZmRQ2SPnc6mubgq2TQCg7iWyxjI7ld3tsORHMg2BmtO9KzbT4tx4bVVOqO5KHyD/egpN1EuUN3HYZjTm4KXCs2ah3Hc5BOk0bmfVNDkG4Ix+9eNNQRcu8oJmns81hOTYlUtcG+s+SjCTOalR2rW9J62yW+f00iSLiIvtllPa5mdCH1aOKeS3GgGszDK4iD7T+l/UUJMjtBTYo627ySHA1o3Lrs5+FFOb5d1AmZcE4L+jdTJF958ZKpBueplnAZTgJdQvqYlozAqe+~4535366~3556916; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:47 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12394-11006
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=908399
expires: Fri, 16 Jun 2023 01:28:46 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=908417
expires: Fri, 16 Jun 2023 01:29:04 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78200 OK 31 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=908365
expires: Fri, 16 Jun 2023 01:28:12 GMT
date: Mon, 05 Jun 2023 13:08:47 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26200 OK 14 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4DNrycmSfmd39tOJOpbOLw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yrTWkqz%2fsVWEoT0SLmXIGg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /hBcX/XEc6/5eP/4_6/Es2Q/ukm5Jpm2XbEu/SwNsVyoB/VRZLB/GYzRXE HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2559
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:1$_ss:1$_st:1685972325729$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Mon, 05 Jun 2023 13:08:47 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RUr2X+fjL+wa2UEdnWtTpA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=RUr2X+fjL+wa2UEdnWtTpA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=2F39BF8EC1ECD58C690D8C81523CA353~-1~YAAQjtAXAv8R7oqIAQAAZ6Ssiwq3Qq0W5MWBovvYxoKH6Wg/bpKVM75QYkIDjTDAUMLFEGnGagMDxEARwdmz3OaYwUWCyfRwjZTUl8yLho8d+4DUAXxEGfC+M4lDENYneXEn5SAJPe6sT3bKy/PTUV6FkaTTssGsuZFedo952RjTsSix/YaL0lwlf360b6Zla+tHxGmqN2sA7nScPl7A4kocC2B45AqYyD70dCmQRZLzENV/jbIQ7gNsaoUfJMFvByyhQ6W28KqT3ZiAG2sp97SsQvjf37blah77DGDuAyxuiqjPrwL7mCtwpmRJho4+OboVigamUq3wsRfdsQ2/jt13SMHzGQ8PmLTL14zGBKKebIMrfwwEEJiKvJYFBoB+~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:47 GMT; Max-Age=31536000; Secure
bm_sz=6254E25A5A03A38E6D3906D1A6370128~YAAQjtAXAgAS7oqIAQAAZ6SsixTM9RPD2ZvMgsa1G2HpKEkuXlUDaYMP0BKDJHwln/Q0FpuuN0HE3Jk2g2xGCf2RqABAgZBAxmylYiRMNgUjKuV4wTYqMmmRqmO1RH4EYfZJncyXPs/mWzkxQ1HRT4sTP2o3zhdoYK5vnUqI39zB2RteQ7m0ZGsJyLqtge7EthQ+PgwHlZYiy0/41pwq5XAQ6Ki3jQwk7CJPQ9KuhR8/gUCXVsvstbJD3ylsHeDE+fVF7xePonf/pMEj0AUFTG2n/C+hHyMAMjo7PF3tbu/+L53xZxnr~4535366~3556916; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:47 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12394-11008
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32200 OK 138 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TtH8Ckkpr1WqmvlVqbNtaw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.34200 OK 571 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Hash 6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=NbvBZajsS76KrAz9l3DeReOuu27sgRe9GCY%2ffIq890sozh3+WhQjqbD4rWQZoG93; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash eee3f19dfa88dd7ccf529b780b387168
91aaa83c60844c7c8add09e3a4d2d6df103d1b37
214aba18280a44af3ca4b8662d74919c893ef5b096369659f075e7ed0c7b2116
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------292000591931377131321328034414
Content-Length: 171
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:1$_ss:1$_st:1685972325729$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:47 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1yKT+1+5xSdXyyEtrqiHuCfel30FKri%2f7ie6O6IcOQU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:47 GMT;Httponly; Secure
_abck=D694D52C625BF139949EFEC03CCEF9F7~-1~YAAQjtAXAg8S7oqIAQAAnaWsiwoJaNaVQHEikqPmffP2uwdK/nh4+D4c1Dg9qabPTNYBnVbcGjvBdAbHlvhf6rrnpQY6VZ+dfLtxweHH8hBI1ahdWA+iQxpUAvaTyAHCfhKOnntIdjdNDKUfvtIuv+BaSA+218sw87ivNgqRpyyVc9GZUEQVCIb0tVIQSKgYjWPlur9EjKKMUyyK8/4J7t9CFCWBtSzVaiaZeWof8ip2So/Wk/0/a4iiA9gCzzeHLHfrb5C18y3cnqlgmKdZRj6WZQjUOj5MpLAMg/Vr0MS2jkB9vuXzYfO3XUbvssPRLrSbNQiAeoEsdz5Qcd7Ez7CvVNszkxgEiHacxwK9edAg7W1LRqGiJSNJQNymWvK3~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:47 GMT; Max-Age=31536000; Secure
bm_sz=DFAF1056F32A0BC5DEA7270EDBAA72C4~YAAQjtAXAhAS7oqIAQAAnaWsixRjYHZwtJIVVd2AODa3K06IECGLZaDHdeESsTyvladSWKXusIhfjUk4M5DWgUyJUmEP/TqpXN50nDkhDAGUzBBMXfGVhGLvOPD6wQIk6vdc/TdFPtL6/NWtGXO515l9FmS9b0Wu6F/x7uYpEzYXRlcvighEPN0Vxq2sytLxjDUD4o4KIV1L27IDWWHKA3fjGWBB6VsI/TA8vVJwoHxYR7A4K8nOu/QujW5rEJe3aSySnggLaw4WnvKovq2Pr+RmJzfp/JgvGynTpP5nSC2VXOYqAkeF~4535366~3556916; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:47 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12394-11013
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=u1xDzsxmouD6RdGP83qD1A%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Almt+N6jTl69XozhzBw9eg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
23.36.79.34200 OK 24 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af
GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=NFu4cppV6RMzE0qfpQ0fAQ%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
23.36.79.34200 OK 39 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d
GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XECBvHauDjcjqVrI+FZCrw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=38Yw6g2fyceE0gEpFHndcQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc%3A0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pv=2&f_cls_s=true
23.36.79.9200 OK 1.1 kB URL GET HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc%3A0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pv=2&f_cls_s=true
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash 144cd99d018a1b33b6f152ab353f72d8
05b6730ea620583b5a8cfa43c6fbd2daacbad022
e1d62f8c339f20a2a63df351c0992e55a9e0e353c38feed2328f39f5c9bbcde7
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc%3A0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1140
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Mon, 05 Jun 2023 13:08:47 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!M08dbjvuue8U2kHpnNE5eVRfS7HzYwgV4fBRF2b3j1a3O0dTNSZ+Aswykhv5mZFU8jINVlsw62i3XA==; path=/; Httponly; Secure
DCID=RpkRVjxSwRIGAiC309UstrJOkoX1ZOuJDz83syEzZDjK92vM3n1qJrURDY3zWAZj; Domain=rubicon.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RojN71fjp+uBhfH5BNs9cA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
23.36.79.34200 OK 3.8 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (7626), with no line terminators
Hash 376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20
GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=4Mhdh0s+dPkpj+QA8xkLMWn2BZbrpZoc0kt+LtTl524gS8vdTzrKhfPnRa94SdLH; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32200 OK 20 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=em056BFLKVlReexS9mAdYg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32200 OK 14 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=%2fBVPmbPcQOpWGuBYqbq+EA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527460&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527460&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527460&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qRBO9fJfugGUYWc4TMVfxvX+egq8M6asU5RTxv0g3n9RHvJv+kFRJQQ%2fJGlS18jP; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12358-33406
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527456&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527456&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527456&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ZBFXvgmhJh5hz59lY6o62FBrt1npzn04aySTXF7drfYcAXjY+WnUL5dvePUO22Zl; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12520-21816
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527448&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527448&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527448&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=bMThryr0Mgg+EndPTg0t96YDv4Z3kbmm3TkQzSY8aLH6AL%2fNdFJd7D%2fVUdvfaDFy; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12381-15806
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527463&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527463&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527463&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=On003eQ20HWps994UsCQqyXy09o+A%2frmeJx5+ZgkgSb3a51jtZNy%2fg3%2faEPqOGWk; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12351-40840
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527467&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527467&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527467&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=WyTnkW0JurI2gvz0bViYiE2tHBJGsDD+jUF97rjt4fnZPu+0pNGp064bcADPC0Om; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12381-15809
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32200 OK 1.3 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1lENveLHu6IjH2wlvQYlng%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.34200 OK 151 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (151029 bytes)
Hash 7a4ce899dfe230dee0954ac92a9c03e9
164e1b484ca10c978c5deb1a0e8fcd72bfb95d7d
e636c8fdd112b13e0e44165a4850a057c593d3a4b9b647df71ea661b9115f935
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 05 Jun 2023 13:08:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=AwalrIuIAQAALOWy_tVZte_L4J3819zvEjmr2IEsJsgdZ2VkImYowZZzO7BtAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|b62d25cff5ec95dc6458dbd9b604edc4ab7b2cd8; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=YI7RoaV5Jw3ejXhm8AABUXrtWSd5bS330QGUXBk3EJHEGWtYmXXvgHe8w13Oo784; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527470&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527470&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527470&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=83AD7CL2RlnUKnSdd9n87tq3PGZ8IcJLpjlmmK1crlR9I8ICxkFUq2844M0F6mkm; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12358-33410
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=1&cfg&pv=2&aid=
23.36.79.9200 OK 1.1 kB URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=1&cfg&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash 144cd99d018a1b33b6f152ab353f72d8
05b6730ea620583b5a8cfa43c6fbd2daacbad022
e1d62f8c339f20a2a63df351c0992e55a9e0e353c38feed2328f39f5c9bbcde7
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2802
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1140
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!ZIwvMH195dGMklbpnNE5eVRfS7HzY+dRTwRzNBDuQj2YeKmSbdlVJg3H2Ct/59FShE2RirTZzhXMDw==; path=/; Httponly; Secure
DCID=9you%2f1cgDrezoHH4jCbXa251y%2fuGhZqg+5Z3JcbFTAyDpxFHFBNXLgzd3+3%2fzED6; Domain=rubicon.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527480&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527480&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527480&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=FX8ur47Hf3w5jusF7080MF+J5k4f9fccjWwML70fYkLP3byKeU2LgQLPVRm742lG; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12351-40842
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=OTj3COJnnXD2rF3DK+05sRt5B1dd0Fl7lnGun5BSpacevQjjgygP7rZaHWL1911u; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12381-15813
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527474&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527474&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527474&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=RnTg3dZB3Xfala5e8NaluE3lBoJlGQzfg0hZqbx8ItSC%2ft+isVwVWibkw9DMKdMA; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12520-21821
ort.wellsfargo.com/securereporting/reporting/v1/csp
95.101.10.211 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 95.101.10.211:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: ff952bc8-ba91-4046-6f78-e79f4a2260dd
X-Xss-Protection: 1; mode=block
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:7a2a7542-d26f-4393-b8cd-0f5498569d6e; Max-Age=30; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:7a2a7542-d26f-4393-b8cd-0f5498569d6e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure
DCID=i1Oje2Ggs15d+H2NPioglUavIW6wUlSADi78xoOKWrE8mhJwcl5PQWod5buExO6M; Domain=ort.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
_abck=EF2A8F788D7658C481B6506C59341AB8~-1~YAAQzwplX7opyGyIAQAA6qisiwqYOlcimVRW2Pmv/96bjTCo/gwT7R0SEz/+KrzTpvwvSIboRvFDVBnoGCX5iJrjvduShdEhEJhjfD+WbTaaZe2WYqezZNBLUJdw0ngq/AFFQyh5naKmADGS2NBword19prdbWPBAJaTkCrXTjX3l+Uk5bkrOu/MsIXWdzI5D7hkOH+n9rjtZRqXml1Mk69+kd1YTxnJu0nW7+Qb1PmVxvieswF5e7xyACSt7x86cXUMn2eAkqUswZSE5Certh8bSgVygFMvwpfB5rJ32oSbtHyq4UU7D508fyoWO/r0cy1AoJcO7can2NwQe4SSMUVXaP1ZVWCaH8BKMMG9PisQg7UT/sDwPd7EVM0U0ICU~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Max-Age=31536000; Secure
bm_sz=ACBDF3CAF60D4C8A608AB07323C556DE~YAAQzwplX7spyGyIAQAA6qisixQO3iFVlpxuCc61qwFzoJ8pS7XcSTRuAes4IAmIyEyPj88gwtyD5xBMF2nP/MOpEfYp3mvBxWRlYCHwWEkq9O8ojidEaV7fEDqGdJV0/SDioqMQkYm+mG++nyusXR88YxebDwLC5oug6FnIPWoHGuHQ+1jDUxL09mccYu6t9VrZP5YBGgtR9nifjVKMQhn2X9jkgG3p7VuKglwTpKu56cn2xtI8p3SrD6YDeVyfGxaUPQc/CX2xRZf9qeW8V57wdYyONFwLz1GPlr7QQ/l07lu53tkV~4404802~4539960; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:48 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527485&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527485&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527485&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=6Sf9PlTvfSp+H22fruHSJEwUWGRDM4SuGL+tr8NpFswl7rbzAt%2f%2f2zVx%2f%2fOYUa9X; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12381-15816
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527364&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527364&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527364&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=p%2fnpPJHany1VGlghEJkQ5FsN+%2fAwwtH34RhFJHC+04U%3d; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde5f_kf173_12394-11020
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527491&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527491&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527491&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=280dE5zeDroSTzAtbd7IYSSLfBNotXRzb+Zidmhbe5xP%2fMb6fRSYBX6g7uyGxYh+; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12351-40848
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527488&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527488&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F&cb=1685970527488&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
X-Cnection: close
ETag: "519fc8a6-2b"
Expires: Sun, 04 Jun 2023 13:08:48 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=kkbNuI8F75YRSPsm7rQUUh8x9L8hC8zYHUC19gSucTxyEzyZUiZ1YKOMq+kliqcm; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12358-33413
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 971 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2436), with no line terminators
Hash 64bb06a242f50c5100b14342079dccbc
356620be764e0ef401a7ca41d39a1ecf72d092cb
147980db46a51b15957f51c0c108e615e5072507fc52599a7251432694abcf14
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-e0b785c9-8549-4608-a359-82fbbc24dd53' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:183; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:54f0a399-03b8-414d-849d-1406d9b965bf; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:54f0a399-03b8-414d-849d-1406d9b965bf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:65; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=599BE99A7800A1BEE8620AE6D1F5ABFD; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=112023060506084899933214; domain=.wellsfargo.com; path=/; expires=2 Jun 2033 13:08:48 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!1294HGZ8IqdLqDUMntjHYqEj2JIOPJ3AWQGzwAzwEdnrr3W7N915+83TwGu+ANyXaBGGowJ3cc5IryU=; path=/; Httponly; Secure
DCID=Ie9uAMhB2FYlJUfyJoFP8ldxQJlxss7QcaL4g92tcMgpbdztb6eoB8J2qTgHC0+e; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
_abck=D67FDB7991A1A6D5ACCBC036E716BDE3~-1~YAAQjtAXAjYS7oqIAQAAtamsiwrO5L18RZYj9zg3XNwZznw6r+n359IqMaF3DYSdQ6o6LwZqJ9hfGVZ3mExqR0i0RybM7OMnfnAGce6Ob6ehebPlqdA5T9mrX9xAiBSCBMkJeIxmpuUz/M/O+KarGlAmcjxqPeubZBr2rAr+2MSHW9ZK2UF6XytwhY7SIW+x892G+vCFV77tW5kvLODHBDCz8aD0/wicqWFJ3tvHwqMI/pPkQfR4hD+PvlZqBxC6qif6OeFpt9HI9zb9Kwd0Ek7tTohIQqgK7GrmmLo+m47nxV3UFSqvk96eJjfhEuoSeSMeAWOIziCk8jsChF5lljGWxMNNoPRKYRVKxhmzYrnx4YNgV1sCv7rIESd8/mMA~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Max-Age=31536000; Secure
bm_sz=F4773D7DA082E7A5915E1C2BD4CA9975~YAAQjtAXAjcS7oqIAQAAtamsixSnRXSLGjvPZ89Cwel0gqHH7PqUFv5tXEsgpIQKR5e9gKKw0A90KRzLrhECssTcoWyEDU9N6DY4ooGH4LvzC/k6Q6nw7zNLNrnZYuD8oNdgyUlaAZhU6vG/4WWBin6Q3AjRzkrsdA9rnRU0eY6d+XlImPjzzPiVLwzc/u7FO8+aqNKdQtWjK1M50cY+oLy2eOATA3qkzfOtMhs7XZMB62XLkwe4uVdanj0YrCAVl5+0podfxfo0IoMNjWZPcj+//77PKJaHGQB7QnrMKzcdFq0igCZT~4338244~3556146; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:48 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12381-15822
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 968 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Hash 2f4f96bc694bfaf2ec92f5be774bba6b
838b39c6f427cee49a0a22922297984867d1f526
42241dde4195a6e2ba69899397ce3d4ed9a46740f8d3a7b62c882ede5b7028e4
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-ad6f2143-d353-47bd-b5d6-0ac74c9b9a41' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:183; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1ab64364-d22e-4c6b-ac7e-c6000e152575; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:1ab64364-d22e-4c6b-ac7e-c6000e152575|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:57; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=FBA51D6E604039EC2B1A6F277FBC91EA; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230605060848476456991; domain=.wellsfargo.com; path=/; expires=2 Jun 2033 13:08:48 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!3Szi1L/Ml1sT+NoMntjHYqEj2JIOPIKuvK1sbuAD6SKNX6bHtjxkiWpwxYsDegS0dEE7Nk6Xi+tOVVc=; path=/; Httponly; Secure
DCID=gNaU9j+kQHAohEQ2+WVpW6J1NpuNPh8GrjqYqbmcFPmg5PoYiCw+AoGz7JPA9OwT; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
_abck=09005617DD1C565951EC733F099FEFC6~-1~YAAQlNAXAhefNXeIAQAAtqmsiwqo7ZmP74zOXq3E9/8+Cn9LWPBMsXgl4TbWOTOKOHJgUUgqI3+qYMO/rgKtaM8DbHuTEjujkImIigMnm8JR/P+xDEF6V7A/2U8lIQl13rPu7lt8cC+bhcYC9uZu/Ub3CaliCYxbsNNE3S2uIPz5sH46I6OJxLruHnmjfWld/SG3tSMS9PW2ZptuSqpy5L3CQq/FGjDsOig/5xes3xAyVjqpMeVSyVzxaJ3iWeAeXtAukEs52gUwxZg6qQ4GIjEc00fX937GV82QvknY+yMs1P2FHEhONHOwQLe1E+kMF1YUoSk1dbmDHH/SP4tI2o45/ltKu0tq77qjtcVaN/+lPGVw6/5CCB/yYWekuOC2~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Max-Age=31536000; Secure
bm_sz=2308CE6155044099B5EFD83D948E5589~YAAQlNAXAhifNXeIAQAAtqmsixQpkufhQaTIgYySc+ku8+kF1r4WL2psTh478fAYVUiZBrIX32m5gGRGiIcA2zviOH8dv8/F+vekWl7krkSfFjhKmOg/GgrcvuPqupH1rnasBlKgLn3QhzcDEXM1Jbn1/fsDUEtAW/Gt7zOHV2a4Z9kqmUBOFUJPcRwtlcbfUyUaFRLoMnSQ9XQqCd7ZmXxnECp8PeRMxJj35Z15IToIlcANd8DCkWRTuzpPiFa7xUXHn66SJxhFg+yhMVkMXZrnfk9FEFRrzR8o3zeRHGvgEQ+eaQtS~4338244~3556146; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:48 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12520-21822
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.34200 OK 607 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=RaWPvrUbJvhtcZUIdNyZJ5ifuSM1nG79sKfizxeCI+kl1I2F%2fo3F9GvEqrALZ1Zy; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 969 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Hash 27fcc6621f46e981b059739bbb774c15
11081d69150adcca75cb511e4e9881b01f5dac24
745d3b56008ad114b9c281a9743cf3b4a2f0b413a514340308af4e138401d38e
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-cff93eec-af73-47f9-baa2-8b689def4d4f' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:183; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f7c38af6-4556-46bb-a41c-1360a36885bc; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f7c38af6-4556-46bb-a41c-1360a36885bc|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:60; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=D91DF552CB8A09963844E3E867380471; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306050608481311019052; domain=.wellsfargo.com; path=/; expires=2 Jun 2033 13:08:48 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!UqeLISlhT6+RXY3z2xKqB3cO2dndHvvs6LvxZ0HoGkKLB6QuwS1qNUvUaAo/cThm8sAdvsceioR59/0=; path=/; Httponly; Secure
DCID=if0T+vQdATOKoImX4sl9nKzwlAvUw0vNN+%2f9+33WVcu80MhjFwRxzfjETAV6L6w5; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
_abck=5CE71F4C72800B4188CD9D124A75E639~-1~YAAQlNAXAh6fNXeIAQAAO6qsiwoyLbO8zhsjtMq2iR99WbQgkuBS2JwHQbekLAS31K/186+Qg/lPe1lyUziVaVGabHISRxYwT6tuN6OiKn4IvsclJbAdP4yOBjJzhKzARwZGuuHXDmR39zWvjmgNi2CrBdHCVVQ7olyMR4+KdhG04w2J7UETxZwi5gjjyn3Q/eykKt0e7LlJcemeAGfwptsyGx1ujwdnnCPrqc71Dr0ttDzDMFYwtl036atdyWNzyP3jzbyR1A6qlJkJW3LXkP0JXVZweyKLGeNpYzO/r+9f0kGs44fFi1HprVsMIOPI6X3++2YZDQGR1PDkBi9QAsH6FX7kGFv/FFJYUQjBAo0BruEZ3FpSRWYB0ObJ24Jg~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Max-Age=31536000; Secure
bm_sz=4BF2D0B8F8B00345BDB09C585BCE75FB~YAAQlNAXAh+fNXeIAQAAPKqsixRRASzajChhr5IP2cGiuZCOv4wr3a0sObMVIFN2hrUzkxqP+2mKC3IwqN4qJcRtqdi3HhIopEmmI2n9tEzGMtFm8OYekzjx6bzplSI7XE5kqv0Dyp+d3AfrLUJwpLKEDUqHjVyzjFBmiOfxJp9DVyddibuq2RNmR6zQtE8niQ6xMisBAOhYACYAuw4xJpiyzHAV+OWPpdKF88NVuQf2Pm9XbUshv9nA8prYPxO78ihAF6FtrDRMjyl8MVaiFb4JJknQ3+BD3rIIhvQibvJwtn0MjXvg~4338244~3556146; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:48 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12381-15823
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 964 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2434), with no line terminators
Hash 9b4df1054f99f62edd55fbb2d0d94a3d
cb6d834bbc96aece0102d0cd3a032d285c968979
ef7814f801cec0c7676b87532681f4afc428c5c9574189ea843f5e3312223e6f
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:183; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 964
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-db1250a1-3e24-404e-b0a1-a1e6a1fad4d7' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:74162273-9a13-4636-9c11-031f813a34a0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:183; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0da937f6-1677-4656-86b9-98c02244f724; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:0da937f6-1677-4656-86b9-98c02244f724|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:24; Expires=Mon, 05 Jun 2023 13:09:18 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=19C322C6D08644A64A861321D537A215; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Tue, 04 Jun 2024 13:08:48 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230605060848500970330; domain=.wellsfargo.com; path=/; expires=2 Jun 2033 13:08:48 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!3giMurUuLOnWwbAGl7IZxfIs0wroUe5rwFNrPaG0qQImRhXHOm7ALsdqKInW/dbEjiBytHY6dCCML7s=; path=/; Httponly; Secure
DCID=4R33pz30A8TZ73QtweZyZ15g8JmlivfVYjC11U+uv0E%3d; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
_abck=518E5FC70FF90C2CBBDE1DAFB7D2F25F~-1~YAAQjtAXAlES7oqIAQAANqusiwrJbC+HvhQeJT6xgKbVOKrY/ccq8p0GIvS7QwbzRJ9Q/rMu3RZvY9cwGR1lSWUzeq73sVuIcc97DeT/DhV6Wdj0I3ZGDpxjlTUFZWZAM+BYFYh1GWLiEStsDxxY9FqdwvoHlLTc40/iJq6rHx6gdqavAW3S85bcaYjt5okwXkccvwVHi61KcGk21hfe29yivjqu0I/MQjXkyfxHtKsrTYIimbl+PoH3+kFzAxQEym6YEV+2F/15vCs00pTyKtHqhLQC/wtC7apwzOO9gUDFqmdZObOuYr32T8U4vwJoMz5qtAxE2krCAUHbkmQHAYIRLx+NtJfdCPbVNqWJPgsszmq1HpKc/cJMQ3BludjW~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:49 GMT; Max-Age=31536000; Secure
bm_sz=9DF35371BEB7CEE681FD7CFFAA85547B~YAAQjtAXAlIS7oqIAQAANqusixQp0kkbxkmHYgPCgsfhGsZ8ZOFv1cln17LvGi1OVDTmRwlt3NEeM2kulcuqroGxcfwiGQNNLmlYkE7IIkPQ3bINad6OnhXdBe1Q1utrZU/Xt1jMRMG7ZLqx/licByy28pBiwr672xg6efvoqtk9c5srzfO/D9498mwblFhbjaKonatpw4nr4JUL6SBIqoqwr1BN5R6YflzBQLnKDlEFkYPdeQxiItp906lhjW83AKRdykNv+fPdr0R9+UCKK3JoayOfbcTj62b7YANPxIONKtGawMco~4338244~3556146; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:48 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde60_kf173_12394-11031
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.34200 OK 37 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 277956ca47c45af356f319a1beb1703b
509311293749cbece9744fd8213b2fa4a2092fca
b7c8b401a94ae1219e828602b0265a165f425f256d4eea56cad2ef2edf8a05ae
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37189
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Mon, 05 Jun 2023 13:08:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Q55VGkknK4vhUUe4+bDivbxKbmezqJQdLZkDIHZKQblOvkhXQ0XBljx%2fUU+E4a6C; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
23.36.79.34200 OK 18 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2293)
Hash 794c056d85b0f84eaf0cc3e08a3bb5cb
ea02de1bc6ec7b1b0c53825c8210e8c58eede339
8e0a11f8d8e006a9fbb4702e1041852e38dbc69990deb3ec6bacb43fcc0e056c
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17916
Date: Mon, 05 Jun 2023 13:08:49 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:61233392-b378-42f2-9db6-fe63dcd8495e; Expires=Mon, 05 Jun 2023 13:09:19 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:61233392-b378-42f2-9db6-fe63dcd8495e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Mon, 05 Jun 2023 13:09:19 GMT; Path=/; Secure
SameSite=None; Expires=Mon, 05 Jun 2023 13:09:19 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Mon, 05 Jun 2023 13:09:19 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:4; Expires=Mon, 05 Jun 2023 13:09:19 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=sHokAfWRGw5hJkwV07SjpsX+bM8CEAmemj9oMkQa2Czqxzy5jJ0g4AgKxE%2fRO3WI; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:49 GMT;Httponly; Secure
_abck=114CAF28131B442BE69C180B38EC4C42~-1~YAAQHk8kF4olY22IAQAA36usiwqukmUEJuz0PVGm3l72mgNbXLqdxIMBcw+SAH6Cgi6+yAdmM4V0m2lktidDPldCyMkRt9YetFcwjroqi0By6n2IGlPtRdgtkQ+yXlq95f1FC5++Oz1ZZZHwJ3pZhfLs4i4DgAz8TAezRotuM1rY3hKP1ymrZcQcD+vybJKOxH1rsCangq59EZ1DtTOMz5KCYeC2I2UNPpIF76noirviED9Gl3EeWE3g+XXnywKIfX2DSeeq5T4wds/5Yt8JiS5p485mys1o/QrLkr7opYshFm2kLxElIvhCMvELkTw2B+GmGATXIfyiMd/1pY6fi1JwPPi/XvBp3WypK95HJoKpsDRDWUqI1pe+eOVwTks2~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:49 GMT; Max-Age=31536000; Secure
bm_sz=3AC5B7A70897C319839A5613D4445F45~YAAQHk8kF4slY22IAQAA36usixRylV4DBYMsJgrx/fMYnMTO0Al98ZeQ02fqDMd2SDg/GU8AoJiQqF4nLTSd4n1qMYwEg9jSz5I1Cj0iCbVFxfXhM7VGJ460Tzuedfsw/Z6HW/NvxkPyqPnq5QUvnzJBKofnR+mXLAj8xnec/+BKWeINe0+/PSmUJsehf7fHH513FphhxTw9ZyzuBTZVFnJQdSNitOt0PKnIpaEg506YaC/lZ45DI1BvcaVgCsKcbnoKtTzAghQSmTvHSiQZkwNB+jnMi/+qU7a7wZydLDmZJ2Zq7IDf~3487286~3749189; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBHeG53R2YrMG9BWjN0MmRsQzRWQ2hiQVJpdEpYZDgweFk2ZklxYWZyNm56ajhVa01LcDlnVVV2WW41S0tEQ1pTNnpINGNuWXpnaVdybFplZ0dwM1pueE1VdU1qUVFRaDZoWTZvdms0NDVMRnVVT3hzaXc4RGxFNllXaDFSVjhydk9QL1Z4VVM2Z21RRG5VYlo3eEh1MGpvaXBUa1d2K2ZhTjFGb2hCOGs2U1RyaEJ1UWJsTHJBYkU5c0duR3BsRUVLdm5GQ0Frd3VNdzZXSURqTm9HWnlFTnRNUlh4YVdFYmVUTEViaEtOOEhMcUFzdHl6NFBGdERVUEVvdFh4U1NhSTJmZHVESXRBSnZLV2V6SDBiMkdqNVFORUFlUTNLZDJKS2Jka01VPXw1ZmE0ZWQwMGI0MmUzNjY1NDZmZTYyOGU2MTRlMDE2ZjU4OTAzNjJkZWJlMDQyNmI4MzhlYzc1NDNiZDY0NzEzZTYzNzRiMWMzYzY1MjIxMjcwZjYxZDNhMGI3NjAxY2FmYjhjNzdlNjRjOGYxYzRhZWUzNTY1M2UwOTdiNWZkNTk0ZmE1ZTRlMjE3YTY2OWJkMDQ5MmM5ODI2ZGU3MTI3MjBkMWM2MDFmY2YxNDM3OGZkYjUyOGExYTIyOTY5ZmY2OGY4YTcyZDVmOGI1ZmMyZTJhMWM0OWMzM2YwNDVhNzFkYTc2MDdhZDIzNGRkNDI2NjkyNWU2ZTM2N2M1N2Y2NmJlZjY3YjI0YTE5Yjc3NTYzNTk1ZTNjODBjYmRiNGQ2Mzg3MzBmNDZkNDAwNDQ2NmZiMTdmMWE1OWJkM2ZhYThhMjc1NDA2MDFhNDA2ZTk2OGNmODYxODZiY2ZkNzQxZDQxODk2ZTQwYTBjNmFkM2EzNWFmNzRkMDdjY2M3MTNhNzNlYTk4MjUzNjM3OWVkOTU4MzEzNDU3ZDcxNjRlOWY4MWVjYmY1NmI1NGJjZWI0OWU5MzQ3ZjQ3MDAyOGFlNzNhYzg3YWFiNTFmZjM2YWMzNjU5MjEzN2E3M2Q4NmRlMzI1OGE2NDlmNWRhNmFkNjA3OGVhZjI5NjczZjliYXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com&t=jsonp&c=qziasuicychugnom&eu=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F
23.36.79.34200 OK 90 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBHeG53R2YrMG9BWjN0MmRsQzRWQ2hiQVJpdEpYZDgweFk2ZklxYWZyNm56ajhVa01LcDlnVVV2WW41S0tEQ1pTNnpINGNuWXpnaVdybFplZ0dwM1pueE1VdU1qUVFRaDZoWTZvdms0NDVMRnVVT3hzaXc4RGxFNllXaDFSVjhydk9QL1Z4VVM2Z21RRG5VYlo3eEh1MGpvaXBUa1d2K2ZhTjFGb2hCOGs2U1RyaEJ1UWJsTHJBYkU5c0duR3BsRUVLdm5GQ0Frd3VNdzZXSURqTm9HWnlFTnRNUlh4YVdFYmVUTEViaEtOOEhMcUFzdHl6NFBGdERVUEVvdFh4U1NhSTJmZHVESXRBSnZLV2V6SDBiMkdqNVFORUFlUTNLZDJKS2Jka01VPXw1ZmE0ZWQwMGI0MmUzNjY1NDZmZTYyOGU2MTRlMDE2ZjU4OTAzNjJkZWJlMDQyNmI4MzhlYzc1NDNiZDY0NzEzZTYzNzRiMWMzYzY1MjIxMjcwZjYxZDNhMGI3NjAxY2FmYjhjNzdlNjRjOGYxYzRhZWUzNTY1M2UwOTdiNWZkNTk0ZmE1ZTRlMjE3YTY2OWJkMDQ5MmM5ODI2ZGU3MTI3MjBkMWM2MDFmY2YxNDM3OGZkYjUyOGExYTIyOTY5ZmY2OGY4YTcyZDVmOGI1ZmMyZTJhMWM0OWMzM2YwNDVhNzFkYTc2MDdhZDIzNGRkNDI2NjkyNWU2ZTM2N2M1N2Y2NmJlZjY3YjI0YTE5Yjc3NTYzNTk1ZTNjODBjYmRiNGQ2Mzg3MzBmNDZkNDAwNDQ2NmZiMTdmMWE1OWJkM2ZhYThhMjc1NDA2MDFhNDA2ZTk2OGNmODYxODZiY2ZkNzQxZDQxODk2ZTQwYTBjNmFkM2EzNWFmNzRkMDdjY2M3MTNhNzNlYTk4MjUzNjM3OWVkOTU4MzEzNDU3ZDcxNjRlOWY4MWVjYmY1NmI1NGJjZWI0OWU5MzQ3ZjQ3MDAyOGFlNzNhYzg3YWFiNTFmZjM2YWMzNjU5MjEzN2E3M2Q4NmRlMzI1OGE2NDlmNWRhNmFkNjA3OGVhZjI5NjczZjliYXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com&t=jsonp&c=qziasuicychugnom&eu=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 96d47dba295358876e912e51971594fd
91114638f98b6a28b0ad9e587867cca10e748b1b
90fdf4b5b1ad0690e62a0376d3dd3c11db4f305d7e8b31ad64fada4b945711be
GET /AIDO/vyHb?d=ZW5jZEBHeG53R2YrMG9BWjN0MmRsQzRWQ2hiQVJpdEpYZDgweFk2ZklxYWZyNm56ajhVa01LcDlnVVV2WW41S0tEQ1pTNnpINGNuWXpnaVdybFplZ0dwM1pueE1VdU1qUVFRaDZoWTZvdms0NDVMRnVVT3hzaXc4RGxFNllXaDFSVjhydk9QL1Z4VVM2Z21RRG5VYlo3eEh1MGpvaXBUa1d2K2ZhTjFGb2hCOGs2U1RyaEJ1UWJsTHJBYkU5c0duR3BsRUVLdm5GQ0Frd3VNdzZXSURqTm9HWnlFTnRNUlh4YVdFYmVUTEViaEtOOEhMcUFzdHl6NFBGdERVUEVvdFh4U1NhSTJmZHVESXRBSnZLV2V6SDBiMkdqNVFORUFlUTNLZDJKS2Jka01VPXw1ZmE0ZWQwMGI0MmUzNjY1NDZmZTYyOGU2MTRlMDE2ZjU4OTAzNjJkZWJlMDQyNmI4MzhlYzc1NDNiZDY0NzEzZTYzNzRiMWMzYzY1MjIxMjcwZjYxZDNhMGI3NjAxY2FmYjhjNzdlNjRjOGYxYzRhZWUzNTY1M2UwOTdiNWZkNTk0ZmE1ZTRlMjE3YTY2OWJkMDQ5MmM5ODI2ZGU3MTI3MjBkMWM2MDFmY2YxNDM3OGZkYjUyOGExYTIyOTY5ZmY2OGY4YTcyZDVmOGI1ZmMyZTJhMWM0OWMzM2YwNDVhNzFkYTc2MDdhZDIzNGRkNDI2NjkyNWU2ZTM2N2M1N2Y2NmJlZjY3YjI0YTE5Yjc3NTYzNTk1ZTNjODBjYmRiNGQ2Mzg3MzBmNDZkNDAwNDQ2NmZiMTdmMWE1OWJkM2ZhYThhMjc1NDA2MDFhNDA2ZTk2OGNmODYxODZiY2ZkNzQxZDQxODk2ZTQwYTBjNmFkM2EzNWFmNzRkMDdjY2M3MTNhNzNlYTk4MjUzNjM3OWVkOTU4MzEzNDU3ZDcxNjRlOWY4MWVjYmY1NmI1NGJjZWI0OWU5MzQ3ZjQ3MDAyOGFlNzNhYzg3YWFiNTFmZjM2YWMzNjU5MjEzN2E3M2Q4NmRlMzI1OGE2NDlmNWRhNmFkNjA3OGVhZjI5NjczZjliYXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com&t=jsonp&c=qziasuicychugnom&eu=https%3A%2F%2Fwww--wellsfargo--com--pd49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Mon, 05 Jun 2023 13:08:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=rsP99s1bi2SGAtedJgq9Q68HZA9tqj53XAp%2fZKGCNeQfdJFXj5R2QZoPdJVl7Gu2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:49 GMT;Httponly; Secure
_abck=F4FD8FFEC42ED6C255382E53B6A8036D~-1~YAAQHk8kF5glY22IAQAAN62siwqrtt/gkD2GaULUVsiM1t84vUtuYPCuBnRfw0PZyFF9ymmVY6d58rdRYV2eXucFGqpO+TpzgXc445sXlau2JPULOhAsUT+imy5xEf3FBdD03MYh++ubxYSSRaiAYNlsix0K6NfH3/LtQ/jxUeZAahscqMRiS/nQBJSd66D+IkvLeB9nPqw6s8CHcnmH6r/PLoeSCpsMXMS+f5vXbX8Qb+G8M2wNHHV1Gq1kLszRRDnk85/aDP4+jd5/BIq1S9oxko1Hlzfaf3RpEYsGko6WpM3u9CLK4MmebeOkOW0lt7bmXz8pufWxiweVwDvZTNh6eOqa0M3Iwv5R57rlpeNSy7C8GHUqhF0ikZ7Bo2OY~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:49 GMT; Max-Age=31536000; Secure
bm_sz=281F395E0C1B34E8FF34A6DC8A49EC7A~YAAQHk8kF5klY22IAQAAN62sixTlkV9nnH8mK5FZMuyu0t7m8D3YLT5ZjNdvbw0d5KWZHdkEdV2yvMgEI90x5bwPs3ykI1jXD3/ebZ+zP5I/f41bqNN5cST+LOMZZ638WZb6ffkF/YjwjLzBuG9C4UbvVZe4o5l+bnZ3xKZ4H9rcqajF1hsfYHry8dHxCcRBaYvgLNHVbDdCgnjXmr864UPSowRaPg9MzxJS1CxqenzR7i2XsyY7qj+odNiSO2Vo06rlkjaOHwzH/yz2PO65/klSs9/Nm/oAb5XQ7MEydnaWDenuYaw/~3487286~3749189; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.004985563752898714
23.36.79.34200 OK 52 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.004985563752898714
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash e81cd0341ad1c74c8af265bdc0fb5c7f
e22dfb88441ee7676d5c173e48957ff8e0256e1f
9026f9f7910e3fdbcb68d27ebeaa0688636180bc75174a9ce1b956431c885076
GET /PIDO/pic.js?r=0.004985563752898714 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 52510
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 05 Jun 2023 13:08:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=yJWOWeDQoTsgVJnJI%2fYPBHnoEabfQmsJHASeZYxIIevuc3+J5cx9QjP8Ju9GZMTp; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.38387501084496245
23.36.79.34200 OK 137 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.38387501084496245
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136660 bytes)
Hash 8039233182faa4add64de929f748058c
be6459ffe7ddea160b685318a4879253a1405de4
6dc5d1a3527483e4bd98c34b5893896cc96be8582a8f35be81e74f2e7812f5ab
GET /AIDO/mint.js?dt=login&r=0.38387501084496245 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136660
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 05 Jun 2023 13:08:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=pbliHQLr71ve8saB1l4KT8YgY3aoylsjjmgRMiPz%2fnCy8I1oVA1XPrG8tHMPjRy0; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 54674977f4d5e48611a14c12572ea44a
5da00f4eea123481576d40166bfde2f062022e1e
ae9db2cad9c18ec9c763d1eee67a24d60c7b583bb9605b6aed657500cea1c398
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2046
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; _gcl_au=1.1.978480641.1685970528; _ga=GA1.2.800086625.1685970528; _gid=GA1.2.1064855404.1685970528; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!3giMurUuLOnWwbAGl7IZxfIs0wroUe5rwFNrPaG0qQImRhXHOm7ALsdqKInW/dbEjiBytHY6dCCML7s=; ADRUM_BTa=R:27|g:0da937f6-1677-4656-86b9-98c02244f724|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:24; LSESSIONID=eyJpIjoiSkdEdUdoZTVZT291dlNScEs4TzhcL2c9PSIsImUiOiJIanU4dHhaZnRzNlhUcWVzMDN5U0p6UTZnblViYUVEdTZxMmVkMGt0SzE2MFJvZHhRYmFtWlZuMnZiUXN5S0JFQnJcLzFQZEpxZ0thSWJySmk2MTdzNnkrMHFOaG1jMUM2SXNNXC91RFZJQ1U2RXRIUjN4Q3k5bGNPYTlNT0g4Z1pcL2h0Zkc3MHJyOXZ0V01sekVvZHY3Smc9PSJ9.8be751b631705469.N2U2YTE1ZWRlNjZjYzc3YmY3ZjRiNTFjZTMwM2U1OWQ2YTU3ODI4OTM5NTI2ZjhjODQzOTRiZjY2ZDFkMGU3ZQ%3D%3D; ndsid=ndsal5gef9ci99liivblvt
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=2xS5EBYytrwA8ACwC1sxDFFeCXCahj4vagDfZxgqjeAolo2cg2eQB4UM1lDY0BC1; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:49 GMT;Httponly; Secure
_abck=9D8E61080FA1A6D2CB18B43452193A0F~-1~YAAQlNAXAk2fNXeIAQAAoa6siwogql/V+6E7IXvyYd7R0mqvaCU2b6umT8YKF2McYslrtxcdqCGYvAx3f8IwrnznOi9D3jqaF5+kCBixqBedeu+fHXPC6J6DmsLs65PrKV6tq0qikSgH/boVGKJrv6wobZNNf0TIQHoDYhTtzKDTGu3fOZY69C6Kyn2gEkYHSWUqGy6OwglWAalIxkxWlrbZnp/uVLFbLsLhn7WbyzMB47BF99V0YMv23JehgL+a2zfIYLgzz5tNo++eOEEFxnGue/wk54woA+ATMvrlUsZznxzJDV6Tiu4nIVseSQrkYZTsSHQf/DEi/O5QlPAVfAP2G0Sqdpr4xfZEQtELSuGV2viLg9YlIKrB0XWVYr69~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:49 GMT; Max-Age=31536000; Secure
bm_sz=DAEC4A4AEC0BC1B51684E83B9E2357BF~YAAQlNAXAk6fNXeIAQAAoa6sixR2lcJrwf1clY+Q0jCk8xow26QDVK8siU4uOefan35wuWfKSjS/jjVhpbXM4FHiBvWKg1lvj4UzI2gpBZBTkgNts7Js2mdtbF0Nai+xqhWZ1o0DH5GW3UB+3/xekxxtZ3fxSNKzvqZKbAY/wG8xRBLy9g9R9oEfrl+MhjZRvuYsquXHaWFG8v1KvWtUsroLoR+mWNJeuGuLMHVjaNzWF/RO5CJO+mNZrfJYBxU1FLkQOooZm8vymReCvA7ydHQPm2A/p9XJpaMzQjfH1hZFYhKG39B9~3422264~4403764; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:49 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde61_kf173_12394-11048
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
54.201.127.203200 OK 265 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 54.201.127.203:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash cf640a963b08193482d97423d5aebdb5
266f1edbc0d574e95ab0e608369f870867c34b17
1f979f93d8932e371904e835e3447e965d7cc4d37e25c6ebbc516c86f226d605
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 12112
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:08:49 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:8f96f78c-d5ff-4db4-bc3e-d3fcd3be871a; Path=/; Expires=Mon, 05-Jun-2023 13:09:19 GMT; Max-Age=30
ADRUM_BTa=R:55|g:8f96f78c-d5ff-4db4-bc3e-d3fcd3be871a|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Mon, 05-Jun-2023 13:09:19 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Mon, 05-Jun-2023 13:09:19 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Mon, 05-Jun-2023 13:09:19 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:12; Path=/; Expires=Mon, 05-Jun-2023 13:09:19 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.132.220200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N1CrPMAP63mQFmX7%2B%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AWHefWQAAAAA4COWBAsC0xPjKuj7HI7l%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22kdF5Gnwz4wD_8Jpp-ulOFg%3D%3DieejYgcreHwh1cfnDaegsa8n6QrvCWP2Lynhx_xv2tmYlLpcy9o8GA8JzzvFl7ERQyim_wTz5967Nau5I8jpumtJh5UaMlsO5Ar-bCwJ35eTlfJNA8FRIxFGfqljytgwoQ07wYCHNHsLX-OhBpQd3MJOVdVM_D-ytlC4-ZQ_wGQsm_p645rqPN9z%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAviW6xmi13sE%2FkE%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; _gcl_au=1.1.978480641.1685970528; _ga=GA1.2.800086625.1685970528; _gid=GA1.2.1064855404.1685970528; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!3giMurUuLOnWwbAGl7IZxfIs0wroUe5rwFNrPaG0qQImRhXHOm7ALsdqKInW/dbEjiBytHY6dCCML7s=; ADRUM_BTa=R:27|g:0da937f6-1677-4656-86b9-98c02244f724|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:24; LSESSIONID=eyJpIjoiSkdEdUdoZTVZT291dlNScEs4TzhcL2c9PSIsImUiOiJIanU4dHhaZnRzNlhUcWVzMDN5U0p6UTZnblViYUVEdTZxMmVkMGt0SzE2MFJvZHhRYmFtWlZuMnZiUXN5S0JFQnJcLzFQZEpxZ0thSWJySmk2MTdzNnkrMHFOaG1jMUM2SXNNXC91RFZJQ1U2RXRIUjN4Q3k5bGNPYTlNT0g4Z1pcL2h0Zkc3MHJyOXZ0V01sekVvZHY3Smc9PSJ9.8be751b631705469.N2U2YTE1ZWRlNjZjYzc3YmY3ZjRiNTFjZTMwM2U1OWQ2YTU3ODI4OTM5NTI2ZjhjODQzOTRiZjY2ZDFkMGU3ZQ%3D%3D; ndsid=ndsal5gef9ci99liivblvt; _imp_di_pc_=AWHefWQAAAAA4COWBAsC0xPjKuj7HI7l
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:57 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=nqUYEFvPtSEwgiaX3oa9z83IrDYyOyO8RtvzaB9In1ymXZuxxuQryKb3dZOE1lm8; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:57 GMT;Httponly; Secure
_abck=38FEB685801223BC0F063665557CF503~-1~YAAQjtAXAoEU7oqIAQAAVsysiwpAWb0O4yqkoqK1GhHCTLsVeo5O5Yar+qfrJFEd2IaJkcxavzTAgEFNlRtKLq1wpeHy7KJKX4GRjqYLey2wenyqHl4UMPvG3VGGqfbvTeNDAaGRK6rfB3ly6x2/rJJvv0IQvKkzjnsdyt1CGlRkKOYRMfy/F+ZMqHb81oZzD3YD3p044NQpnb+/BQarE9+14O8Z+Inz+Fl3Qe0a7JZiF18eQczQIvk9IgOpIpjW5qBiOlKxWvw54/VrNjdTEfAyytTE5l73AVCGvfMLVuFXUrihCY3YzGm/045NnTuDwlhLz+G1RfPHAQERr1yzeTpKSr4Sl4Z4CWUju2Mo8RNyFh1Ehlld81fa9NQcbprk~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:57 GMT; Max-Age=31536000; Secure
bm_sz=02840274C6CCFEDAA15DE86BC1E2A33E~YAAQjtAXAoIU7oqIAQAAVsysixSGEvMl4HJrCdBc4+bXbrVI0V6T7sYhTJF0EiXRAkwti6IT4Sse0p3EIrTRu6Wfm4D6K8P+1qXsBS59WejdEcy9ip6fOh7YPhEsDwUe0Lx9ivL2KC6Ed3AhzzCC8MXL3cFsmLjIMRAmCNmtycKIJL8BV00DEgyMjfMUrf1/fdOz7gyjNcmEbpUCJ9XUPpL04EgsaA4G9fvxRrv5H1uEm+tqJ7Qo72SRwHe7LAbx25CEZm5tnU7UEBBRX81iekwX0w48Ags7Ew1EU9TU/oyKBTqmh809~4468803~3158070; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:57 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde69_kf173_12394-11149
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=2&cfg=32a3f9ce&pv=2&aid=
23.36.79.9200 OK 163 B URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=2&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 177113ca47b56b10aadead12b750b4c9
a5de507708c61a76ebae6840dc0f9952f856b481
117ec03eca923af763a8e81631bc7c8dc19aa715cccf247548b8d62333424edf
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34063
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 163
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Mon, 05 Jun 2023 13:08:58 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!BY9EDRMRYGp7PPHpnNE5eVRfS7HzY1AouUQDWZuezCRwTxdQCXMY4EbbIhPISkEJCGsQv2gmo5KK5w==; path=/; Httponly; Secure
DCID=0o+q%2fE8wjZSqf6a4BCme+kqU+gPpOWcEAayN2HJGgW%2fsouBMSbEo6ipr5emUUv4g; Domain=rubicon.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:58 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=3&cfg=32a3f9ce&pv=2&aid=
23.36.79.9200 OK 163 B URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=3&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 177113ca47b56b10aadead12b750b4c9
a5de507708c61a76ebae6840dc0f9952f856b481
117ec03eca923af763a8e81631bc7c8dc19aa715cccf247548b8d62333424edf
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0&_cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc&pid=37f79e20-1427-44e5-8704-18b8ade05c7c&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 54124
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 163
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Mon, 05 Jun 2023 13:08:59 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!K+G4hauziuNKGeHpnNE5eVRfS7HzYybtqavkl+cvTS77pHPLrMskC1d9bC0tZQC6g/kdfqkk8l15Og==; path=/; Httponly; Secure
DCID=zBfBDFXkK5r4XLQUmtKMmRkafm0HD6+ZpKU6XdMQYCzqtQDbj%2fkmU4TJWK0yC6fs; Domain=rubicon.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:58 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M52
54.201.127.203200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M52
IP 54.201.127.203:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M52 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:08:50 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
23.36.79.34200 OK 580 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Size 580 kB (579856 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=LhRgW3+lRuD10ht1eMBYH%2f4PIR0mZ0YBKMcDZRxub+vTkwti5B2Lz39Yk2mnF4Kv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.132.220200 OK 265 B URL POST HTTP/1.1 www--wellsfargo--com--pd49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 6086f8a7f6d0695462efa19c2d86499b
3e3ee0c5e1b34c5b865e5827d905c0abcc4d80f8
bc9204ad57542920ea35bcdc8346b05b3fd1d10b9758e8f85e4c05feca5bfa71
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--pd49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 648
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!Ix25BESmq3mfuris0q/LsATxthJGHkqj96DLqZdAfFMLvxH6OhWfMKBJHxm+Lk3J0ZWMMpilioSlrg==; utag_main=v_id:01888bac9e2000b1282115f7241805046003700900918$_sn:1$_se:2$_ss:0$_st:1685972327186$ses_id:1685970525729%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQYpVLR%2BiA7F8CmqlxTN%2BoFTZMyC5QiFxXtkuyjltPU%3D%22%2C%22_s%22%3A%22RhtTe79N%22%2C%22c%22%3A%22TGpuVkNNSDNodjRvSTd0Qg%3D%3Dj0yJxV0xHoKWOAjBmsstLI_wI6S2eBsSImoHTe7Ji7Ilrv17K5JhguaJjKVeCPugaiIvJB4hZXzZv0Pr1ulBFwwrUXMm33QJIZc%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AWHefWQAAAAA4COWBAsC0xPjKuj7HI7l%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C09736444815161764679134850405317704544%7CMCOPTOUT-1685977727s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=8e683b89-3638-4438-8699-5a75f1ef11fc; _cls_s=1e16f489-8c40-4496-8be8-8c1ac016a7cc:0; _gcl_au=1.1.978480641.1685970528; _ga=GA1.2.800086625.1685970528; _gid=GA1.2.1064855404.1685970528; _gat_gtag_UA_107148943_1=1; ISD_WCM_COOKIE=!3giMurUuLOnWwbAGl7IZxfIs0wroUe5rwFNrPaG0qQImRhXHOm7ALsdqKInW/dbEjiBytHY6dCCML7s=; ADRUM_BTa=R:27|g:0da937f6-1677-4656-86b9-98c02244f724|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:24; LSESSIONID=eyJpIjoiSkdEdUdoZTVZT291dlNScEs4TzhcL2c9PSIsImUiOiJIanU4dHhaZnRzNlhUcWVzMDN5U0p6UTZnblViYUVEdTZxMmVkMGt0SzE2MFJvZHhRYmFtWlZuMnZiUXN5S0JFQnJcLzFQZEpxZ0thSWJySmk2MTdzNnkrMHFOaG1jMUM2SXNNXC91RFZJQ1U2RXRIUjN4Q3k5bGNPYTlNT0g4Z1pcL2h0Zkc3MHJyOXZ0V01sekVvZHY3Smc9PSJ9.8be751b631705469.N2U2YTE1ZWRlNjZjYzc3YmY3ZjRiNTFjZTMwM2U1OWQ2YTU3ODI4OTM5NTI2ZjhjODQzOTRiZjY2ZDFkMGU3ZQ%3D%3D; ndsid=ndsal5gef9ci99liivblvt; _imp_di_pc_=AWHefWQAAAAA4COWBAsC0xPjKuj7HI7l
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 13:08:50 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=6XOlU3fvgo43L3nui6ITDnI73MopKofIVW7UvAm2HOWJf7vtncLW%2fEhJFX3NiTJa; Domain=www.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:50 GMT;Httponly; Secure
_abck=E71C632353C4AB3E9351043D1608E000~-1~YAAQjtAXArMS7oqIAQAAybGsiwraZtzs2jvE2Ex3hD/cstDVpOtClL0Ddqj/Brqp2DA86CoFUgagYOHGwy5GrCuil7MUTfBTY4QZYOQlFya+Fy36CM+SowjJDEphN60mOGzPR9iJb+W55hs/hoDraAm1aNBjMPS0tw9oEXerrp90TsXg9QS4H3Dxoh2ME9NQ3hCltdfK/yAuZ6J07G9gXP+9uXbs1VQNo/tuqzz2kWyuw4vb1b1IadvRV/LpFl9y2PeiPARz5ML4PqHs+Zi8wq9e0Iy/MiR9pk8gTcmDQaEfOELcy4Ygk2l1OB3NWNcU+5tW8sqYN4wuXkokCCl95JnEmAWuKdMU6Q3V4dGAq7fJaCXgZKELeA280KJ4O/VX~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Tue, 04 Jun 2024 13:08:50 GMT; Max-Age=31536000; Secure
bm_sz=902B5B9C4CF4B75B8584715F854F6A3F~YAAQjtAXArQS7oqIAQAAybGsixRNqAT/Y6SM3qH1km/I7+mnQ0tIK19F4VI0YejbYFaPfIxIlT1DRXh972i+3ItXQx79oE7AV6WzJUOYUoZ1Q1vtMEvI+6EaN4npy9/klrOXd0gVMotamvMlr9JBVBIi8Ip6aRBidxl8KEB6XXdre/0CjUwmyzWGSO8KAj24qxxZJ1HTDFGfLQOvcKAP6bhI4K+voVnpqJ/5XCFnA3BAHeK5VrpYUk6ffTgQ+mLqO0Ot9ViDRIcLK+wgkOOQFpXAzFAHBl6iyy7xIUGr4nTK+JK6vyvI~3617078~4604470; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 17:08:50 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647dde62_kf173_12394-11059
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
23.36.79.34200 OK 534 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Size 534 kB (534008 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Mon, 05 Jun 2023 13:08:48 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=owuiJ7LezhkBGOBQ8jDIYbGUxCTqiSm9Q%2fn%2fiH8HFQWuBGPVAdoD8Qw52sq6TCCO; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
23.36.79.34200 OK 539 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Size 539 kB (538739 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Mon, 05 Jun 2023 13:08:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=1WG67o3odIE5ITkppfQyjE%2fdRkAOd43Nlr1ep1DOterL4GTj8UdTUuxYNX7C4TMh; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Mon, 05 Jun 2023 13:23:48 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
54.201.127.203200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 54.201.127.203:443
Requested by https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--pd49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:08:50 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2