ocsp.dcocsp.cn/
47.246.44.230 471 B IP 47.246.44.230:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3d25d4accc054841904c210030f2765b
5586a01c7f26c3f1b55ffe41fe5ae219492a5334
733dd1e500076a819ae487f05161dd050d436d49a72c1d11e5c58760ef008bcf
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 02 Jun 2023 10:49:47 GMT
Ali-Swift-Global-Savetime: 1685702987
Via: cache21.l2de2[0,0,200-0,H], cache15.l2de2[1,0], cache3.se1[21,21,200-0,M], cache3.se1[24,0]
Age: 83
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 02 Jun 2023 10:51:10 GMT
X-Swift-CacheTime: 3517
Timing-Allow-Origin: *
EagleId: 2ff62c9716857030706121539e
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
163.171.132.220200 OK 19 kB URL User Request GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 1e6eb4e915c02ca6a0eb980f57da0ef8
4cbec623ed193cc13849571ce8d458146a26c62c
642d208fe6ce31965401d17f39c28ef5d939ba30595565b44692d90033c788d4
Analyzer Verdict Alert openphish Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:10 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18842
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-678793cc-9ffc-459f-87fd-9a2373e5233a' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18774 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26; Expires=Fri, 02 Jun 2023 10:51:40 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:40 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:40 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Fri, 02 Jun 2023 10:51:40 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:81; Expires=Fri, 02 Jun 2023 10:51:40 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202306020351101857735143; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:51:10 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; path=/; Httponly; Secure
DCID=acRM+QCOmrDsAfV0gEyuFtw3iOc8lcZKLVpk2mZhtPI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:10 GMT;Httponly; Secure
_abck=0E96B4C0A95BDB6FCAAA17B2C9026581~-1~YAAQ4KDVF6YLuXiIAQAA4JS7ewkK84EVsIsZP/tWvrcUbvVWjQi9UnNB2JZNFn2kHUOdM/wG48zrnmfw4+ZB/Qn+0xQRz9FRd7g2fSMxq6kpROMkIgsjHkz4GrAu0BwqOvD0d7CmvMoFVRQ6XZfbpk7bF1SHtRfaUd56P2vBQRvnYh+P0apZEWdjllehUVv+iHAVbbTOt3K+oNQOFYHQS9gVQaNBSHbtjvrYazR2CnNguj0BVoDaEIvian7Llu7+MCm6x6Xc0H99vS3gFnGEKQIsvd+i/aScR+p8sjC5URQejFcW5l6Nz/6/d9XXABgrP62zt16ZZy+65jJ4mfQN0OK93CVDzBJC0S4OM9yyRul3EkPbRoq0IoQttJ41reGt~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:10 GMT; Max-Age=31536000; Secure
bm_sz=E99C5FA5156F3C418F7AC61EADEE3BA2~YAAQ4KDVF6cLuXiIAQAA4JS7exP9+Zu5OClSvN33xfZ0i1wpsyBu/Yc2ZE9wF7qyS0yVtZKDaLRnfyXMm1ikUsuxlY9PwUP940aiEUU1+XvmCfnN4iixiLbNeHFZfH2yJhjTDPgNshrkQu4MoEFy3DBMgirNSP8RK+e2PpHbPpzeSgAVyGTH3wPcwL7lgd9fohYs/NqKTXhFB8b/wXIT75oyY9c5SJ3VinzG1v7xMg2TJhJSPuZhI7W0+Gp+83eFX6nHpJ0fm8sM5NXxwYHGwPpAkMNcwwiTWP1Zq/WmtfAh5WGFsnul~3687216~4276791; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:10 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99e_kf182_8136-9749
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.26200 OK 901 B URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Fri, 02 Jun 2023 10:51:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Hg1R3mGxONMHTK6CUWWeqQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=1175804
expires: Fri, 16 Jun 2023 01:27:55 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=1175833
expires: Fri, 16 Jun 2023 01:28:24 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 26 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=1175993
expires: Fri, 16 Jun 2023 01:31:04 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Fri, 02 Jun 2023 10:51:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=v43jrrT+8d+kHh4bB5xlvA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:11:49 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: W/"643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_8107-15732
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220200 OK 24 kB URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:11:49 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_7807-26473
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220200 OK 58 kB URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Fri, 02 Jun 2023 00:11:50 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_8107-15733
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220200 OK 4.3 kB URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (9269)
Hash 146b9919f2f719b1295784c6e2e93aff
33915df77b9c505bfc7a5de95b70373a3d473e1a
7f0dd14dcdfe3f024760358f7241e23f501250fb312c49cc7886582dad45774f
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4280
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 10:51:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A1CWu3uIAQAAbKJ2Rf1ukfTJa0vOQzXoPwDoyAJviRIfxGjdS5KFeLr5ddeeAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|42bd76257206c3e8afaca5d65627407212d38dfc; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=SpWhs288AWAaJaMG2GHG67V%2fUGabQXvFYwi2L2YCx%2f+Mw4RbvjDaaOAvEZmjtDFd; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_8136-9755
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 77 kB URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash 3b2227177307401f0ad66f16a01dfd5e
098aee523bc90b9abd2658dc3cad2b8d984c148c
f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/javascript
Content-Length: 76583
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Last-Modified: Wed, 26 Apr 2023 15:12:23 GMT
ETag: "5b8f9de7319f5214c46d203ee7c78f9bf749d0b7eaa059e3b1056741a3d903ac"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=a8wLGwN8RTV63VPNfu7dyQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=FF2F103A2CA13085B841C9751CDE618E~-1~YAAQ4KDVF7ALuXiIAQAAhpa7ewklI5sRm0FBO+VoB/XxgagMZtBIgnKD5uPfj4YC5yLqCphkki47OW4ulJM2jvJ57cGSAqvhDBPmmQcZyeoLFdUB5y+9Ywg7hBo0COJy47r/aybsKJ8smuRbLpPSeijJaveF1poESP4slOtOA4qtjxWfcoucEOHRsa41thNX2FUCzOjEpt98XSDKd33e1Wj6g6cWqa4FdRi+SvIR1ECnB5DiPXl9WB2qB8ZfZYNfH5n8Av/NAXZE8m+H4IG9zu7iRj+HQ5PSWp81hUu313YHxRZZGXpcoClyF/J/SSpqw2HbuUPWMkPHYL9eV2U9iX9BKSr13FTBv27HwvaTQIDf45RRKtr7xA+alQDH2G6L~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:11 GMT; Max-Age=31536000; Secure
bm_sz=3ED914B568200AE351BD841470EA0DB7~YAAQ4KDVF7ELuXiIAQAAhpa7exMUy+5bePpj53SOlLOfqV203AXNR24TNOlubMFIpI44FHJYgqLj9UFEmk0aCfzLXAx5G/jH2hXLoZxurSEYaSEXcWI4lFGf8q9juRTJaTsAMy9GKZRuDOmnZImcsBz7CNf6il7uOJO8cr8g1/wfX3JoVbeNVwu/FGLy1QRkncBMQmxGcl8OD5nuB1Hael7V1b5KWK44yLFAUF57lF+I4tEpBk8xSLzU/M0TW2ERGyCxLSfcEpVMdILKUixRk5rfEjJuKzi9+6nlj3oREozJW73xWlmv~3556400~4534853; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:11 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_8210-11079
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=6457602
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13995353
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13995353
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13842180
expires: Thu, 09 Nov 2023 15:54:11 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13995320
expires: Sat, 11 Nov 2023 10:26:31 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32200 OK 55 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (14989)
Hash 9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Fri, 02 Jun 2023 10:51:11 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=hqByPmUYxI25j1zTBxbRNg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220200 OK 2.0 kB URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10399), with no line terminators
Hash ad0a98d8269e2911daee59fd9201f399
8de751c7ba4d0ee606bc7f026b2f775a892378a1
9eff8704e0f31b599e5b8ed5a5864e56e35c166e2c19b647faa2a788d3bbe6e8
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2002
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-e82d51e2-1f08-41ea-8ba5-ec21608801f9' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:81; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be; Expires=Fri, 02 Jun 2023 10:51:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Fri, 02 Jun 2023 10:51:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:154; Expires=Fri, 02 Jun 2023 10:51:41 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230602035111819708042; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:51:11 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=5B735AE7EFFAE079D3586F4C7481AF8E; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=oxfE8ZQSEudXoo2fg6qbwlBJoZAh%2fVDwEVsYBtJwGT0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:11 GMT;Httponly; Secure
_abck=076B33E361FD1E1C7F753A74900C3556~-1~YAAQ4KDVF7ULuXiIAQAASpi7ewk4w7xKR0Ug0BQoThHIhPVyV+WlemRQZ34RGWxR61jzsMYGoZmfDq0XEwPFnUdBVJM0ATRVMatR5W210Au3dN1TL4RPuhPOyvQGhsbGxGb1ONqzdiMi44rtong6dFr28ny0EtXq6rG8jwdmtbqAGYoVEgwd4oWK4LC+q0T9iWXML1Es6iqxeDoSS41n4qRnFvpVq5iBydKKlzJ5rFdYP7grc0SST3jHdfsIzP7qma47xKMfvrjR3PZqqdWA9ZlAcLJksfXEkbwJvx5sJdTI6X1Yp0XWvAPJjDBB18u+n4M8hJad3Ux6I5qtVJPb9WvvQiaO80X8vy6rBJhTDjWh1M/Bpc+IQ/YD9c88BkCy~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:11 GMT; Max-Age=31536000; Secure
bm_sz=0CBBE8DC6CDD9379431729A87B441C68~YAAQ4KDVF7YLuXiIAQAASpi7exOcdosWPJnBoi/w+BA0AziDj74orD5PQlFrywcU17Ch0GcKWtjK9IPDNIZkHsl4CShugFW4Gy2vfV/eX3IId3ZqY37DAl7qxSqiqHZ/VSBk8y6CFevrpBwngbZKT/Uk2pMfRPGONHq94alB7Bzz42ksucDdSiZopXgOVwqBRW+AbZKqHpGpqpDnY4T2BzbiNyxtFTr56umRM0fjJmZGs6ajyLE6Zbeo8kDTByf0+B2LiAhubN47nnrp02h9qHvO5/sQQpocEi38004LSu7AxDVgv8hl~3556400~4534853; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:11 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_7807-26479
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwqHuIAQAAcaXr_d_vZAqd6U6wYIOZE9SWMp0CQxrf5UpHPNqNMc_OCcdN&X-G2Q3kxs3--z=q
163.171.132.220200 OK 148 kB URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwqHuIAQAAcaXr_d_vZAqd6U6wYIOZE9SWMp0CQxrf5UpHPNqNMc_OCcdN&X-G2Q3kxs3--z=q
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 148 kB (148158 bytes)
Hash cd6519c5926ec088a853be34f3f64d57
a86a168ef75aaf1d7c8944841687aee1b72b71f9
06a941104ae1feecec4b03360d3f0f4700940c6aaec877bd549021db5e409a13
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AEAwqHuIAQAAcaXr_d_vZAqd6U6wYIOZE9SWMp0CQxrf5UpHPNqNMc_OCcdN&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 10:51:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A7CXu3uIAQAAqjPqfGtGzmkuMKTJjHoBMtmJ3m7vwlzoFA2-vzF7AuctUZMJAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|d1315f5d2f9c1bb28f28ae59aa4f90efc352dba3; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=yHeOQ4TT4BXMrpX8WM5PGPFzv%2f9hgzQTv4XfWbGYyvs%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_8210-11083
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220200 OK 313 kB URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:46ba740e-aa31-4425-ad8f-3cf2a89b3f26|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:81; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 10:51:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=%2f5ZRYaZAMIig7GHRWi4qhZ3smgDPr9QEfsO1Lkc30UywA715liC33QxHkmS%2f96ST; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:11 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_8107-15736
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2612
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 10:51:11 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=5KAo17zad9wIeqOCfLrvGg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=5KAo17zad9wIeqOCfLrvGg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=DBD005584CCFD783BDEE391B7D505A35~-1~YAAQ4KDVF7gLuXiIAQAAxZi7ewldM1X+h+QqnSNQaoiLw8GEICavwhKnVYPItMujiQe7jsz78Fl92f1xaBmF91Mk/m8YoI3xc1x2oG4z/qR/WiQX132mi/KCPlkYEnM1z+fTTOk+JgfJ7gM6Y9BT5/YyHH42WneZnE21TpuCzPqAf27aODdwp6IN1475GcIQ72oUjt2Gbp9xJ8KxxVFmjyPrCy5rBjvMQTtK5tu0nJhxBVFFuLka54wTKljNGMZodjeVXuzjKBBEopXHa7q27x/pPSd88fbgEOUlj6O5U1oEQq3T472nQ+p6UWeOG425rq58MMv4NUr3IPttFiS651u36BlkMvslJ8Na/g05PyeGzwKCHSZrNwyAfs1TdBVP~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:11 GMT; Max-Age=31536000; Secure
bm_sz=EA8348591BC15B472A32AF63F0E49463~YAAQ4KDVF7kLuXiIAQAAxZi7exNiESF86+FMAYj7zuQcJAA7n9u/G+3LMVzvivH2ceHfpRB+ZzQJCDZjl+5Xf5Mfwbnc+ehpmwafR0GBqK81w25CY8ucEA1ewPgW8qeEovTUZt0VFC7MEPzCTHaEYVUimPyh1Bmgf45aB4trXON93wTzM1EJ6uqZFlWYRXsVF7BwfODuI3eSGWadm0UUD3u479CY2d88x2CjXhg/1LKXHyRBxvs7kWEIzQVL2xFPWf906YmZ9KsKZTX5q3Gd73B+wIxBt3M+djHzwvEt5mxfnb6sAwEF~3556400~4534853; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:11 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c99f_kf182_7807-26500
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78200 OK 964 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=1175980
expires: Fri, 16 Jun 2023 01:30:51 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=9682
expires: Fri, 02 Jun 2023 13:32:33 GMT
date: Fri, 02 Jun 2023 10:51:11 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg
104.110.27.78200 OK 1.3 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 9a1eae7d2190524a3314d76363aaeeff
f3ac6dec3572f491f1d5b914974858bfe9751566
4774cc6c28fbd2c229c3460b3669b7348db73d3477407e4e82112ad3f037cb6f
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c9c0-5f1d"
last-modified: Tue, 16 May 2023 13:47:10 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/avif
cache-control: private, no-transform, max-age=1133851
expires: Thu, 15 Jun 2023 13:48:43 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
104.110.27.78200 OK 24 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87b3f9d652a18e74ea8ef53a99b251d6
8773c9b3a11fb9247039d731888724ccfb74bb5d
86e522c61649a3fd7b76ea8d8304d88fa1b86d029a349c64a2e4ee3683d019c4
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c49-e902"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 23508
content-type: image/avif
cache-control: private, no-transform, max-age=1175916
expires: Fri, 16 Jun 2023 01:29:48 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
104.110.27.78200 OK 13 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7d601c2b059838fc333feb0e3e020fe1
f57bc430ce2a2b0c146e8d573569367c6bf75bc3
dd412907ae375cbc6e9882290356cf22bc0c669ae33f831039e3b22168117810
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c53-e73f"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 13330
content-type: image/avif
cache-control: private, no-transform, max-age=1175895
expires: Fri, 16 Jun 2023 01:29:27 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1be95b0b232926a8f3015e422dc7d26a
9d9c8a27b6a0a5fceaf3a36da19296e9822b4b2f
8351da32a7b86365880337290fee8d5d3c3bf9f6b0bdc7ae8c8991930c63dbae
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63617b6e-da1"
last-modified: Thu, 20 Apr 2023 01:30:33 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1175972
expires: Fri, 16 Jun 2023 01:30:44 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
104.110.27.78200 OK 18 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4d74f6d202bf00523871f6380d9da158
511af47b1ce2a77f5c27cf3addfd80f289bb76ba
8932b18f9d89396f9292d507904d01306b97c8ae75165c93005b04aa7d9853ce
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "635162e8-d177"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 18075
content-type: image/avif
cache-control: private, no-transform, max-age=1176016
expires: Fri, 16 Jun 2023 01:31:28 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=1175896
expires: Fri, 16 Jun 2023 01:29:28 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1175854
expires: Fri, 16 Jun 2023 01:28:46 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_o_enjoysp300_1600x700.jpg
104.110.27.78200 OK 2.3 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_o_enjoysp300_1600x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 3ce78d6dc48322da6961f79a42940dab
528dce02a84b67925d3e41632eaa418f0de7ad23
a137906477e02c4e3a756f805d90072a0c2e5c0d50290f0932de573ab29de76f
GET /assets/images/contextual/responsive/lpromo/wfi_ph_o_enjoysp300_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "641a0e62-1da30"
last-modified: Thu, 20 Apr 2023 01:31:14 GMT
server: Akamai Image Manager
content-length: 2317
content-type: image/avif
cache-control: private, no-transform, max-age=1026576
expires: Wed, 14 Jun 2023 08:00:48 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 463 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=1175993
expires: Fri, 16 Jun 2023 01:31:05 GMT
date: Fri, 02 Jun 2023 10:51:12 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 831 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=1175955
expires: Fri, 16 Jun 2023 01:30:28 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 405 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=1176244
expires: Fri, 16 Jun 2023 01:35:17 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=1175931
expires: Fri, 16 Jun 2023 01:30:04 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1175803
expires: Fri, 16 Jun 2023 01:27:56 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 962 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=1070783
expires: Wed, 14 Jun 2023 20:17:36 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.34200 OK 571 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Hash 6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=bm770j+gRqvnzQ4ljwOf8RwMMRXPzvdxb473tz4Aco8%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:12 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1175939
expires: Fri, 16 Jun 2023 01:30:12 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=1175958
expires: Fri, 16 Jun 2023 01:30:31 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=1176177
expires: Fri, 16 Jun 2023 01:34:10 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78200 OK 31 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=1175848
expires: Fri, 16 Jun 2023 01:28:41 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=1175847
expires: Fri, 16 Jun 2023 01:28:40 GMT
date: Fri, 02 Jun 2023 10:51:13 GMT
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32200 OK 138 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=L8ndnrpC9ap%2fH9y%2fcpjwSg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2206
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:1$_ss:1$_st:1685704871578$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 10:51:13 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Q+h6PuJw4IuIQdk6cpgLtw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=Q+h6PuJw4IuIQdk6cpgLtw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=6D63CE41C1175FD95CDFD3C9758C1AD8~-1~YAAQ4KDVF8ULuXiIAQAALp27ewkXELyG2Dtd+IvnLb7+NP5XfO7tL1uMn32uHuaWjJtyrJjjkDbSkdu3oo46VTOqst3uCyrpS9syKrxiDwJq1bPvoejhSNqqAy+518zx9hyNghUT/KoZdzcNj1VzUnpZfx+BWmcuWA4DMZN5Pp7vOto0JIAVngxdlNfdqtLo0n4wOA1RZaEvZWvvhE+IbEYPT9RbrMZRkCTQnI1tKD5wt6Nys94KMtmjShFZkea5EcTbeB7vw36ppwJZtwEGh6+rcpoRmvmjawQ+my/tcm4AqyhS8xCvqqedM6SwTcRthrCamBXjQX2eOU/SYPLgRdpqm3tcT8Xg5qYoRF5Hca+RQC38yF+enmAjc9dJCMkP~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:13 GMT; Max-Age=31536000; Secure
bm_sz=ED8F754D6E9BC8842E52F62106837B6A~YAAQ4KDVF8YLuXiIAQAALp27exNaygE1qVpGe7LdPWJ7Pnoje9Chb6+vXe2v/tgWbSsxnEg5a348YZnRB0wLGZxMj3rWUlkvyMHt9M6J67oqUubir2qrT52tQnsOiAr3pVSNhfEtdVKYIqOkXxtfvAwrFdZbngY4jyEnNQ+M8ZaOZWVFbxnIxzkvPOw5lxY7SrfnBraFj1Xu2291BFuqvqY5IxCnwac3HpdC6yzzD50KeELd2CEv5LdPAFTvWIoptp6bGDCeoQrL2KIICxVdFf7GAM/AiLjXuI+71+Lsqh9EHQbWNNNU~3163193~4536376; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:13 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a1_kf182_8107-15761
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.34200 OK 151 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (150669 bytes)
Hash 606768efc5f09f1bcbcab3ac2b57e6a9
492cb10d937d521094d70ccf2c94026cae6c1a3b
eea296c15063e79f41dab7cc6edf10febc0739261c21f47c8d04a42f93497220
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:51:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A8Kcu3uIAQAAq-WS3Jpiuqly1EZjwvVQJo27dbU5lOSa4DrhhKUc8ht0Rv5gAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|ec3a197407c31e47d29a5f61a3cd6e87e28dab13; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=cYBN+T5Xe%2fAEvXP%2fa6Fdh40xV0BiGSnbNHNqsQrZZzLg9j60urhardvA6ZdvhkF5; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:12 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=paKVY2MkS+aKO2bw+Vw2Vw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2170
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:1$_ss:1$_st:1685704871578$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 10:51:13 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YLbpnaaNoNfhlqHdLliHqQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=YLbpnaaNoNfhlqHdLliHqQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=D6253BC3CC8E008AF95C27BF95105620~-1~YAAQ4KDVF8wLuXiIAQAApp67ewkeYiauZ4kWsGKIXU/s6Y/Zxk5zUD3tYy3kuR5r0yF4WRStWYs3OlecKZsnWmUGTIKKypMWAxwH3eGCQLdOnujRZozKibfWNXkwuACUvHJHzDjuvw9VqzLfiHJI2XxaSm+V8fW44Ig1C4+0iEeCzfEB5iYfbHmKpWxETFVB05JsBuBpI4P8OeYQIuDbPcbZ+TfS6R7u2cY+dJdqA0u75W6KUFqz4LDbrRnsZ/KCQwTQp6rYiUs/FvP6yE925tToZzq+ccf4dnLrBhpqEDX6TlcUKTdXbPpl8pzoIdKkBUFZmeNu71k3sUWi8SXUok+jROMrB1G1h+FIjanTuuk/LUmTnn7aUJXJjYx/vn4u~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:13 GMT; Max-Age=31536000; Secure
bm_sz=11C8FB3011956B2877B922705AC949DE~YAAQ4KDVF80LuXiIAQAApp67exNWa+pwOLSnolkIw2sbd7Er2fBDl8RtxdKT8Y55XKMCqVHdTjraR6GLqZJLHZ1x61mu2inoSSlb9RBma+QhSYKRWQwnfSpKWv3zpKaglk87hT0ARxvss1ZuXJfSwyxUMPK8KtgbYvIl9uqZsAnS40q/Te2AIt0UL3rWx7I1N3JhpZs30mmrfjDNHe0TQkk6s+URD+llSonOWy6hutKEV5Y/V3BJOgItYdEW+feFNOrd7NxUDIbmv+7/Z7EUz+bn9qcrBb7HQg5w+cenhvnYVfodvUXn~3163193~4536376; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:13 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a1_kf182_8107-15771
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26200 OK 14 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XhOooxz1wb0ChahFMTS2Zg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
23.36.79.34200 OK 39 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d
GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=WW3LYcvO2j+xaJkBt8W4PA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
23.36.79.34200 OK 24 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af
GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4+4Qinpw4F3TRCb3ipZDmg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
23.36.79.34200 OK 3.8 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (7626), with no line terminators
Hash 376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20
GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Xowc%2fzx1HiT5Pp8M4RfVV6Ta5RHXz9%2f9TwloiiBtnxk%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:13 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
23.36.79.34200 OK 367 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65439)
Size 367 kB (366646 bytes)
Hash ed876d09f51c9e3bf7a72d9cd0c6ba70
1451ebd78f86e66969ac4dd31d52744cc68fd9a1
09d080b8cbf4892422de75f1a0f2ce43e3c9578cf6179674546782dacc6178f7
GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=4Z1H9GzVy+GDMcEyDOHldtLL14wDHDfCMf+z8CJuPRE%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:13 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
23.36.79.34200 OK 331 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65446)
Size 331 kB (331228 bytes)
Hash 6ef479c44379f2b9baec883c473a53dd
6d971f4dc64d2a685ca927c90021ebaa601c2726
11b00cbc413cf23b0f7d71dd7f65469d1eae548afbeaa034f0261307093d1d24
GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=yTS7GfhI+ZlLtaudYm4jI%2fe7NJsl0FNkulFwGsQNBFEVbIRnmoBt2SWmqk5zglaY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:13 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d5cd7ff5b87f3979185124415ec2c499
d1fd2fd8e1f54b4d6321f19c335252a09f1c6c82
69dc10b6632a322b098a41b5bf04938b4f619e2aa33333787dcc11682268dbec
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------39121748349052286384759271
Content-Length: 163
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:1$_ss:1$_st:1685704871578$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:13 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=iAojpGjuYTcCrh721rsD7tWb2pygrQJlymfGXhvpLcE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:13 GMT;Httponly; Secure
_abck=C8C9597FF3FEA8BA14DE83D29EE1F34D~-1~YAAQ2qDVF79hmDmIAQAAJ6C7ewmBC8TB03DiiSsxdIBCh63H7/bw19jZKpjtv8EvfSPDlJhKVzF45aOqjGe5yyA4OqU7TwRnGc+++M5IkxW1sdIMDL1B2/MGSPA1RdcD4rjp8lUGAsg0PgWGWmHN9M51wAxZCbF8p3/+Nd1MOpFt2z50UqtF+sZQjZ8PAW9zFStDn7RwlcaIZZS1+TtqQFLtkbYQNQ/qgNsqvfV2iBBLnElUx8ijMC1KfKys6q1l9ua5wVIpgrNc27GViy31n+n72irO0dfA9yetO4tY9nA8xBxGD/ebf9POdgK/ne0D413sSRDFpHGLfdj8RPGHIB4XdA24OcMPik0vpIVG+LAajQWhiITcUM/5CbmydX9H~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:13 GMT; Max-Age=31536000; Secure
bm_sz=6260B95165DA6BBA385657A561744070~YAAQ2qDVF8BhmDmIAQAAJ6C7exNUK0gBwOEkL7ut4DGzuMtAw8xD/pV0p3vwje4ycNQFs3qkl6wFWtkkq01fI0BfiaiYfQLdTISIAysVgz4wzEJ+IKz7qG0Z0GWzghPJt4ywJvP0vL/ir88ITCfXaz9phrZ8dG4FVZ0qw7dOM3AtuaLLlzdheb2sLtaR5UDGrwdHzdxnQEN1hkXPaWNItzg1thm1lNLa/OV7G1Ob4ts73NAWqWubh5zKeA2YuZPB9PTKlFC6TLjQPe595F3K/Z1VXrKa1wBRLrXwiKQUbGIh/pkjxp4S~3163193~4536376; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:13 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a1_kf182_8107-15775
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
23.36.79.34200 OK 308 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 308 kB (307653 bytes)
Hash c85014374233a557bb0c3371506bb5a0
aeb987debdb406b79606440a165a027770ee03c7
79c53c9a2acedfe344e6246a510b6c7a687fb868006a15f7afd5886a1b88abf1
GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 10:51:13 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=3TZ42bEPdDTVpMpBU0OlgS%2fJtZT4rGFiUxPtw2sdFLNXc1e632KyarQh0+2VAt4N; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:13 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=swZfjDgqxx0HWHx2FiedEA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=E0KxLE3OTkFB4NSBR+rsCw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.34200 OK 607 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Bfl2+YC2eclsYruAf6kg0YOPucP8yHI1Bw13M4LoqKo%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=qb4ZLVQvKArKVShtkzCV3Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4%3A0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pv=2&f_cls_s=true
23.36.79.9200 OK 1.1 kB URL GET HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4%3A0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pv=2&f_cls_s=true
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash e8c5e773abd3694fd508e8601518e016
028510ff913090feeb6e7335e44ade2441bacc82
dd9c8823968a18f8fcccce9d514041960f0c50ffc55419cf3c40ab72ca08ce63
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4%3A0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1144
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_v=d7136a16-a33a-498f-a568-e45d949fa652; Secure; SameSite=None;HttpOnly;Secure
_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!5iQPAlRA3xUD0rXpnNE5eVRfS7HzY2bo1mbNkqiDEnKL3uu8D5+eLEItyHWKOk8KX/BcLycmBmQfCg==; path=/; Httponly; Secure
DCID=C9qA7I3pvX%2fkKR2QGFthov%2fCDx3Z8HkpkDmDgAJWtkyRjueq5OhEyMPi+4+dkTH4; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 970 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash ddbbb4fd99d58ba0c2e97fdadc56929c
6189a3ccdc99007b978d41bd3e55fb426347987d
a72673e4e19867627e8ea74539de4f1fd1bdff7d1d4fa17834b93598bed1332d
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 266
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b2f4496c-3672-415a-890a-c79394e8b0bb' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:154; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:a460b7b0-ba7c-49fb-a797-48a9c9fffbfa; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:a460b7b0-ba7c-49fb-a797-48a9c9fffbfa|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:24; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=E4473B85DA001CEBFEAF972FF3ACBEDF; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020351142128870882; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:51:14 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!sBWurHYhh9Mq9JwGl7IZxfIs0wroUX1UbNCn2cPSq8xcKvK0tkqJoWK9hlWm+kf6i+cEkbBnOmiGxE8=; path=/; Httponly; Secure
DCID=VEUdCIb1%2fly8uztWGQYzKzHsfTZPbQXhwAiu28GLeLw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
_abck=596906FE0C26B4047B799FC5F7857C77~-1~YAAQ2qDVF8ZhmDmIAQAAbqK7ewlL2dwki81YysG/LhII9TzYV7wIPdC8cSM3PzIx/zNV9MXppP+miaebDTFygFPW1j5Q7RNXm59INZOqFspw+Si+mEeJIkIOTLPCZnaSbtKrnmXAUdRlo0MU3cti6ju1/7WXG0TlIUSZ/ouUzUw0tICEj4EYyD0vKI2YNBcFsQOdbojQfmD4w65ExdTEOLS8Ra3mwt355rmtTeO/IbzVkFXxwe5Edd4Z7SwwHxORzuWjo+rgV8OEjBqeDzyKkiek5lNsXQN16edXZyCU365GpID4H60uHG6rJqgUzCa/50HCmc8E5OChB328Rzwqu+2QfN0JQalF3rHl/pet5wbIkkqpPCeEYV+a72Qlj9Na~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Max-Age=31536000; Secure
bm_sz=70C845C2A1D36EB6BE8B1B1EBC351B4C~YAAQ2qDVF8dhmDmIAQAAbqK7exMCeod3F/xHhJcqmvCUtQCvJDNUpFTOZvI1l3WaXshzfNTKdvNjtv3+FK/u+a3FSbtJnzoJCdjM2iGY0l8yy8AQs5qCg4o5pztN7MPVhCrdZgz3qKtY56rhz6biShlKsO4kb/oFc6mxq6ALR2iEe5PVvAlDXrRaSwjORy2yXEAQFcGb/fuoAMTH0xrkF6+jXCK8tpQGytEXeZh6LhS05ShrDpSmqdaDpuI4dizE+BmefqHlkI6RbGsUQYLmUxIb7RB9BKwa1VgbBb+orkvnX6OZeJ3/~4471092~4339249; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:14 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_7807-26583
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 965 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2434), with no line terminators
Hash 807dc3a17ff95c42068e0ca1fa8f6199
00531124a34a14cc2b10f4d4c5936341070f420a
75f048c829237ca73ab37e6bdaa2f445c00cd0db4a73091fded9366892d2e79f
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 965
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-cca8ca12-fbb0-498f-9a24-061dc6f470b6' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:154; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:84edea4a-8c8b-4d72-ad73-e38c484132c7; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:84edea4a-8c8b-4d72-ad73-e38c484132c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:23; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=FF8BAFA0721DDD92B5257AEEFA9CA8A9; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230602035114209351714; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:51:14 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!28i666UE8xFKz2oGl7IZxfIs0wroUa4xrvlOxzBWwoQJ/srXJqCgbRlxLZS4X+ijpD50Xd7Otja+fWw=; path=/; Httponly; Secure
DCID=BmyNV5hvPO3IXCZ9pIT9LIKI7x4arat%2fjzGUxaaNyRM%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
_abck=2F1A3E3DD0ECB1FC068B5EE03F6E0FF0~-1~YAAQ2qDVF8RhmDmIAQAAaaK7ewkw93tdrSiQ4a63sCBq+UaWMA3P8IED9uTeWsG/c2mA/01EzlscMm59QEF+rucu5XhYIxi3BvJ5stoQVYwQm/0fXwzV9PKZWR+n7pTKIYuRofSOYuNTNmIL8zdDv3Ep62tRlVwSbPtYmIqKmOcwetMmap5VktvGqUtl+E2iwwirmduLzenKY0kRCvZvLAj4W0KbaxtAZMCvKMyv/EwGeZAdsYhoSb8wS7ge84XvorV/5cviCMbF/l8bgK8Pha1exCl1pkX7Rgclrf5g1FCJ9XqN9i6uw7FCGEMjYG1jwZHJrEmxb79MBFmRmMouPVHW1rDhTR/zryB8sw9S9cQftCY94YHozjIbSjn5V7DP~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Max-Age=31536000; Secure
bm_sz=D64336D1157B29984C963345CBCA937F~YAAQ2qDVF8VhmDmIAQAAaaK7exO5BDN+5dQbMWVwrJmhi1FespViixjhmpofeIenaxVCF9NAPUBOgY4X+fwIITkVX/u1ZwX3+Lh1158mvjXyYtEpCec/jGkG9pl5smoEpVp9flxjpa+lCuhXVU5YKJfMBng3bbuUpFn7Sa4z7qGCgMoaM5ai1hNZ1/NApyDlmNustijU2VP2PtXOM307KuVIIr3j3unta6IvGviARUPC+RaqqXgVx+uYrf+7ixrF5c4HdEYcbbv+icny8tPCEIvCvpoAtRwSWP49XpHObVJ1yY/0KOLP~4471092~4339249; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:14 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8136-9792
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073638&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073638&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073638&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=DSyJi9cjo9rCQ3TXgosgi+xuRgs4Vhf95xLIFDs2lMHhAGWSCAGQ9ZjaJiAJ3wMr; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8107-15784
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 970 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash 4360e5a8b971820cb8f692c8b766006a
567f4a2e239094cde3930854d62fca45cf4e310b
8a6e2fda022880832dca6abcdf4f8f7fed48acd17b11e479ecb3fa91c52dec52
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-465caadc-7ff0-414b-adaa-1800af1bbe7c' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:154; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:60c429e5-c113-4118-b840-3180645b8fc9; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:60c429e5-c113-4118-b840-3180645b8fc9|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:62; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=5F6578D94F1D32C4C9E001981396EF0D; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230602035114513268208; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:51:14 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!sK1MKotm8GdryaIMntjHYqEj2JIOPLYj08p+tLU2fr2Oq+2Tku1zp/f6P9cZVFj5EPZJPhVFbqqKSzE=; path=/; Httponly; Secure
DCID=fifcphfurC8DeMHevBogj44Nn28OtT4bJaatwW3IkIDbFS2hVsOkJjj%2fyYzqxmCo; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
_abck=B71A753FEE417119E67F34A36DDE2D4C~-1~YAAQ4KDVF9MLuXiIAQAAkqK7ewm/sPGxSdbZr6xzbJ3IfW4rlWXMsL7WsamtmJb1//Xo/tMbDC0m4GL9HeH6VIVk8xnwSERhGCJJelWe/lmfqetxoUphPdX7wxyL9FVX1kdCocUUy33cUSzMavhLCUJs/7HrUAY94yMy1/y9EtkZHHuKKAi47SWsJCzpvy69mmkANJhcAa1Vs4E4Igrh23A2CWH3ygycBQkrqXOuv6kCA7zZ4YsEroYT4d/d7lm/K3FIJz/G69yleW3SwQTO5rOOZpdh4iYpnsb+Hkz4KnNNp0N4jaAB/RSaKtwvuW26RvUt1tvBUAw3JfmAl9TioSBXhCwtuAm7dDftwzNVWAx2z7W5X6g8YTeSt21XGYlt~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Max-Age=31536000; Secure
bm_sz=379CDF8CB6E9D73E759441015EB4D77C~YAAQ4KDVF9QLuXiIAQAAkqK7exMBNekWsAJCVoxxH4fFS82xXhgyguypFbUYuCNCvE1n71V7axFQJU3AOO/7bwpH9RKbhcmYuo915sYDsFg8ddVLdLf90VhM8ZxcARS5jAAzdUO+0XXWVizyCfHKA7iU4C0o1cHjC+LRacRcXMR8G+fl5+TaNljgEcgVT/1kKYr1kcOCyv9HPaHw0VdVGqcMplDC4jmXgcFNfE1eONUUKEitPuUopS0KXX/L91qtZdyD+x2QXSlBfG5J0G3xwm74YkytZ6A0T52TEeWwHOjOmalFqKmz~4471092~4339249; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:14 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8107-15786
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 969 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Hash 5122eb6e24e1e7d5cc65126801e130d3
8238dacbb22010ca43295a1616311b01412afec8
df203cb4e4724559c557eff6171d3a23f12c2ac25dd9de73c541a9138e396f80
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-67574b63-df11-455c-82dd-e27aab471bfc' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:154; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:17cdd403-8cda-45ae-945c-471258aac087; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:17cdd403-8cda-45ae-945c-471258aac087|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:56; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=6E4D6FFE91AEC15B229DBE271B7D14C1; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020351142099168870; domain=.wellsfargo.com; path=/; expires=30 May 2033 10:51:14 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!TCYWhv/t7HHAJywMntjHYqEj2JIOPEpLQjfmDCGf3jUs6TDHMqL6S+iHi5uRbr9AsT/OtV22DA35ix8=; path=/; Httponly; Secure
DCID=WrF3VmXCERQmRhx%2f8DRdpxfSA5xGetMRyunPmsJtYy5VDuef%2fOrv+CzEj7kEQbxB; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
_abck=9DF42E743A90A03FB5E2379573FD3138~-1~YAAQ4KDVF9ULuXiIAQAAoKK7ewkmI1yZoQaEjLXSI9BQ/uOms9CsML4p9QoJe3ygtzrC2wiPzWWGICM4RfwwYG7aFe9DAuRyFFkTK8+FD8BQR2ja1FPJTci383iwerEXriJL/ZCmnXKynprahkIp0PIjLMom7/d7+wSyqwVw0hnv1aXVQlVTA+9HKd6AsgNskwuyYH0ElpNSTPaUIRa5CRz5SwA+0rTalguv1qF/0G/8scc829fmI9M0i2Ns0AjuHqHLYrJf82H3HybzMNFJmmtzCLRQek+us/mXzPZ4gFEVlQ9KevTbQMY6P3NvTbpEEbxTihlkHImhb/ceq3cDj/mvbWQruPqQhHsCZlNJnY4Rt+xmVW9GtRbIBqD6LjcN~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Max-Age=31536000; Secure
bm_sz=D86FA40A3B7B7B3A6FAF21E298E4592A~YAAQ4KDVF9YLuXiIAQAAoKK7exPpyh4a6wuZr5FSpuMOzQVFwXzol7rFDhg/OyTlLoX6leONTBrBvL94lCC/GhFcZNcBBZFokvSRFTcOPon3IfMRPNjEto+vhEnAX6GnIFdROHh2Z/rzPhQczgqPgcdOqzQM3WXQeLtQP9sIRJronAbTR3Es4VrnOe9MYaevOnu6XC7EGf0W8tdY7gd7gpw6yeC17ZIcYuE5bS9FEjKovrVtoOdmfgUjZKAnM83OojvgOw9Vg9OjSZN3KKXtzmmwMq518y5JLmBpsG0Yl89zoQCnwUBr~4471092~4339249; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:14 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8210-11123
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32200 OK 20 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=tJkF3BJmGXf44upiaLxqNA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073774&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073774&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073774&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=IQ1UOdiv+Bjz+Jndoyj1++3mnHudh4vui8HWOIPprMxIrVKLosn1p0l7ZHgII%2fao; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_7819-27344
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32200 OK 14 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=kYMRtQnberyJ0wlOZ84qEA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.34200 OK 37 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8349d750356165076187a6f250eb4475
f8800f870c8c09ac480411559f52f13b172db87c
c7790461bdbe96429cca1a92f79d5300bbe8538fdb8d1b6bce4d31e755acd5ab
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37182
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=oClEYl5vzVyK8TdHr4bHRRUd2h83dGY4xpmBxChcDXU%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073789&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073789&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073789&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=66+F1EQkPeb3dD4uqpD%2fuEVr8M54D0W0hmbchurQiZsXWUmiP994LCy4%2f9kkLlBm; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8136-9794
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073813&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073813&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073813&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=A0JiaMglCuYNLqhF4d0MkDxUzL3AGIOKMUoR%2fhoGSdyN5U%2f%2foNWa0KJhOTIhfdkX; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8210-11125
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073780&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073780&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073780&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=myz8k2JjrrfRj2ypVGUUWPcrNSqgvQg1%2fVNhYXdgOwK0N5zkPyw7OgAl1Xi2Xrys; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_7807-26586
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.7895844423475817
23.36.79.34200 OK 52 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.7895844423475817
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 27f575192a5b3034063e7c767a80841c
7e5b8b86dfe5a86e6a68372911798d40f721964d
7616ed218f1a431f5d688e6346d3a436b68f1bf841eabcfb3a182e7f63bf669a
GET /PIDO/pic.js?r=0.7895844423475817 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 52523
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=UhE5sMmdvHm+f6xlcm0ofBXjOidYJAVeSUcKgpSMOFm%2fmVytoFyiTZNqOigvPgrE; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32200 OK 1.3 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UfYgZjSCtH0TV1oJWVAR2g%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=QIZEn%2fTnB9Fl8k98DI+HLg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073828&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073828&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073828&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=7sAPgPPIP47%2f6dVf%2f8A4JT9c2sycg1jjxLtORUHtyKV0+WrH04ZKbSOt42S9Yp66; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8136-9798
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=1&cfg&pv=2&aid=
23.36.79.9200 OK 1.1 kB URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=1&cfg&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash e8c5e773abd3694fd508e8601518e016
028510ff913090feeb6e7335e44ade2441bacc82
dd9c8823968a18f8fcccce9d514041960f0c50ffc55419cf3c40ab72ca08ce63
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2801
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1144
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!gg4ZAykBVM1zoVrpnNE5eVRfS7HzY3XHA1ma3ZwxQqeOchx0v08+BksoJVFLymBjUQYluP5Q2PmERg==; path=/; Httponly; Secure
DCID=yZh20H0cn1KMmVYhHCDxBwkceWnXDGkcwiM7%2fLBbt+3VT2hgC8TPsVf7BYYMuNjc; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073845&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073845&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073845&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=5QG2KhtVLWIp97ccYsfC9leXeFC2i9yuCUQXQgnlEmYKvhroH9Mv05xypBqY1ayH; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8210-11129
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073807&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073807&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073807&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=EJYI+NInFWC8hYkuWx+F9kYsVe1+8c9liyv9ih9Ty4kA5Z1i5FX+BqQIhQshIxYx; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8107-15795
ort.wellsfargo.com/securereporting/reporting/v1/csp
23.36.79.17 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 62900a51-c494-4e82-7345-cc7ea78a0198
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jun 2023 10:51:14 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:85ca6f6a-deae-4ddc-a2fc-22bc8dfc540d; Max-Age=30; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:85ca6f6a-deae-4ddc-a2fc-22bc8dfc540d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:3; Max-Age=30; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
DCID=PPURfsWpUcVnnaYUV0N5Co02qJlzXVBWAyAsUiixZ4g%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
_abck=6F15C03801553FFC49DAFF6CCAEEA95C~-1~YAAQDU8kF8gWzGyIAQAAoqS7ewkv2KyQxlB7ms1Ozl2bENRXU6YagPWKqOZ87f8oVwlJsuP2a+eeseqk3M1TbF4VXcH7mrpgkxr4jZ6EqY9uAokzEivZ2eqU3NKX0k6+usWMKkd8Fa2W/NdMZKrNRIJ6YBG4w4UId1s1fkBnlHlOgnN0ka2Cnql4A2y7nbJG9fCoa8jxHkzFmKJOX8x7iDc9e8n3KkOHNopNdt/LD+RYd+zz2BeQCAPQZ+Ihc8QPX2alCbIH4eegaZYkKFj8M6DQfCix6Aq5C4PknK7MmoryyYPgIoPKVk5Tkt1pb71ekUEfjHuaJkTyPtQiwC1685AMVNFrLNQhusasRPUvJf1KQieRKzAeazbNIhTD+gqz~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:14 GMT; Max-Age=31536000; Secure
bm_sz=B7DB04E62C058B8C0C5441FAE2653FC4~YAAQDU8kF8kWzGyIAQAAoqS7exPI5aRfSThtuIJtsNqCVGbq9yWYEhMMIRAXYhVpdc03NLpufe4uCzZiaiqmgKUs/A20YGMSrrwUnsKz6E1BiEeWAgtG1VE1AsEFqua2kBBXNtLuv27Uot4T/lzrzrO7CfRTQrluE5Mf/w4HPcq9Kvuw6cvjSOMxf1l3pW5qGNdTYRcMeN7hnoOarKSLIUIYh9vSw7Vp/ANVF0eU8Jgio2z2pCWTJiTcHHa97+bGb1hxuhFqWPRtWQG3MziJuu+RbcxbjUoJPiM3gdS+UcTTtRu9nmNU~4408899~4599862; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:14 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073801&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073801&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073801&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:14 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:14 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=0HPk4+yKKUYjkuopIvsOq8Gpw2GAadq2pUsxHYWbtrQNTwOf2O2B5gGBos3P8%2f4E; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8107-15794
connect.secure.wellsfargo.com/jenny/nd
23.36.79.34200 OK 18 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2293)
Hash e9dbad27a6a74abca727ba3e412e9959
5a910aa83fc9a3a80db23230b8564a449202ce35
d7c753476558b8a72ad63685d927e7cd18807fced85394fcc9b4d5f40c5c3895
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17983
Date: Fri, 02 Jun 2023 10:51:15 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:30783c57-eeb4-429d-a287-9ec45801d7cf; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:30783c57-eeb4-429d-a287-9ec45801d7cf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Fri, 02 Jun 2023 10:51:44 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9u1ag83qfUsxXTP2PRr+z9E6Jne3h32%2fGkrBLlYU%2fwU%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
_abck=897199B50C14E4E8AB1D795AE8057208~-1~YAAQHk8kF6S/Lm2IAQAAAqW7ewl9MiMGUptsB0P1gJDjNA7zfi5hf3FnUynxlh0vGRrHG8GqkhXhK1eQsKhLFWY5L0TOQ8NXTIAre0N3VZf38qQ+yG8/CZAsb7r5ocs5ZInljKpeZFZ2zqVFV6vU+dCxAGtdgWbutGAG7P6QvXwQRsnGWxcXHoxcNQi9GBLkGGQPYj0hHlz8j7Un7ITavL1WNjDLwIOVGOLse0YsOFpQnfgEFbQFMFPmAVONDPuOFucvRYwQLqNJmYCNKkQRaOaQ5ErISVIr4cZ26slx7H55PAsxIFFkiIas5hcJkG0mnwxHHCMr6axvAOhL6EKYlHX+hVI+KXRHFnkjTKfpBt5ZleMJd5ngJwkV3wVtOOpt~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:15 GMT; Max-Age=31536000; Secure
bm_sz=1DFCC041CB90BE0D0E9835567752D34A~YAAQHk8kF6W/Lm2IAQAAAqW7exMvve08UgbWYB36GIxbv8y06x+/tCSWpqFoCS47BPLiXhFgZLW7T1H0BCCfD+q5eviTa15ph/AYm1vgxZDdqqMCriWtOwVxoWVjMmyd+4DBXi9EmrcEBb4dFXCt8cPCRyWGObKoS8w7BdtuSaIjNhQalGZg5bGO56LbVXLACVTQHUqm1WJT3NywP6SP8bSYUAroNTarrMVCJeGKf3jNjx3uKSDdz1s1x5/BPITQQRy8NBAIFzNoDz495qog6sqi+IBKknn3xQ3Uc6YdLO0be0yUy2yl~3224631~4601157; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:14 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073850&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073850&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073850&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:15 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:15 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=F5kinuCQBE+GnUD5YZuSrAzm%2f2ACeXnr1uqwHbeX61yilSKNjnEZu3bEczG64IHs; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_7807-26600
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.017788797027266323
23.36.79.34200 OK 137 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.017788797027266323
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136646 bytes)
Hash d1a7b0737ef18ba3ffc468e69e1d2492
786928968c42db7093fd4eef1deff01518a72202
a05f28ba830537f2be887e258525a35a72ad85124cc24dae5218be14e2689d05
GET /AIDO/mint.js?dt=login&r=0.017788797027266323 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136646
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 10:51:15 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=7sog5vYAq8nEu1JLnkvB7eXNR30w5%2frw3MGUao3Gu9I%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073856&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073856&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073856&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:15 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:15 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=0zyXGvHza0MNuwVnEN1c%2flI3vCr3o831JVISJ4Cmv2OMFtkHjHQ0sVR0DxA8QIl9; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:15 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8210-11135
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073853&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073853&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073853&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:15 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:15 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=P3WAXn+2FpHM8tBZq00gm2Ax89YpaZXn5crusg3RXUI59Etrw1i488rw8BnD%2fpOn; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:15 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_8136-9800
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073818&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073818&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F&cb=1685703073818&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; ADRUM_BTa=R:27|g:6dcfd270-8f9f-4886-96a1-af8107ddd3be|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:154; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:15 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 10:51:15 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Z8z5waWcuIEc6CyFAFZp9N%2fi+cNZgT+JHrolyM2kWaSjk3e3qJUSirkL27iYrkI9; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:14 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a2_kf182_7819-27347
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEArYWQrV2xIS0poN0sva20zZk8wVUxqeE10elhXSDNYOGVNZG5KbjVjZDVtWGIvdi9lazMvRzZCU2JrZVlYd29pNWlwRk9oTXlPNXUydEM5dkd6emVkVHFkampvUU9jYlZIaCt5U0FaaWdjWE4wdE9TZ2c5YzRHRDZGbkhaNmpFWUdNSGg5aE1TM2pvUng2Y3hDMjk3MzRhdStXWmFIeE1CUXlyd2xRSDZRUndQdS9pN21YcllYTkkrcDExZkErenFaY3R0YVN2YURDaFJHbm9YWTBueXRUQWxVWHpWcm1rNWpZWnI0N1lhQXVsWGtTa1ZtYkY0Y0JwS3FDaDZ2T201RExISEdxNWVrWmtKNit3QW8vODROT1R1dlhRSnRvVzdvS1h4OGJ3PXw4NDM4M2M5NDRiZjY4YTIyMDg4Y2FjNGMxZjU2YWViOTY1NTVmZGUyYjg5N2Y2Y2ZlZGVjMWRmMjFiOWI2NWJkNDg0NDk1Nzk2MGFiZTQ4ZTBjM2ZkYWQxYWE1YWNlYWU4MTAwYzZmZGU1NDRiMTAwMmUxODA0ZGM4ZjdmYTNiMzRiNzBiMzQ4NTYzNTQzODNjN2E3YTA4ZDZiYjQxYjQxOTc0MjdiMGYyNzAwOTI5OGRkNDExZDZlNTkzYTVhYTQ3ZTRjYmU2MzRmYTU4Y2JkYjlkOTFiM2VhODNkYzE2OTQwMzg3NTc0ODU5ZDEwYmNlMmZkMTM0ZWEzNzUyOWZiNzA4ZGZhYjBkMTdlNDgwYmY0OTcwNzQxYzM4NDQwNjFiMTU1ZTc0YjhlMDliOWRhMjE4ZDljODJkNTNjMmM0YzU3YTIxZTVjN2UwMDFiN2VlMzZiN2IzMDM1MWUyMjM3ZGMyMmJlNTc4YTIxNzQxNThiYzc3MThlMTQ4MmYxNjg2MDdjMTk4ZjJkZWY2ODJkYzM2ZmRkZjk0ODYxN2Q2MmVkZmNmOWMxODhiMzVhOWU5Zjk4NThhZTI0Nzc3M2FlMmQwZjQzNzYwNTFlNzZhMDkxYzAzMDAwOGM4NTIyODFkNzhhZjY1MDc2ZjQyNTE1MzE0ZWUwYmRhYWU1MzYxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com&t=jsonp&c=ggwq_zqcmvslhskc&eu=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F
23.36.79.34200 OK 90 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEArYWQrV2xIS0poN0sva20zZk8wVUxqeE10elhXSDNYOGVNZG5KbjVjZDVtWGIvdi9lazMvRzZCU2JrZVlYd29pNWlwRk9oTXlPNXUydEM5dkd6emVkVHFkampvUU9jYlZIaCt5U0FaaWdjWE4wdE9TZ2c5YzRHRDZGbkhaNmpFWUdNSGg5aE1TM2pvUng2Y3hDMjk3MzRhdStXWmFIeE1CUXlyd2xRSDZRUndQdS9pN21YcllYTkkrcDExZkErenFaY3R0YVN2YURDaFJHbm9YWTBueXRUQWxVWHpWcm1rNWpZWnI0N1lhQXVsWGtTa1ZtYkY0Y0JwS3FDaDZ2T201RExISEdxNWVrWmtKNit3QW8vODROT1R1dlhRSnRvVzdvS1h4OGJ3PXw4NDM4M2M5NDRiZjY4YTIyMDg4Y2FjNGMxZjU2YWViOTY1NTVmZGUyYjg5N2Y2Y2ZlZGVjMWRmMjFiOWI2NWJkNDg0NDk1Nzk2MGFiZTQ4ZTBjM2ZkYWQxYWE1YWNlYWU4MTAwYzZmZGU1NDRiMTAwMmUxODA0ZGM4ZjdmYTNiMzRiNzBiMzQ4NTYzNTQzODNjN2E3YTA4ZDZiYjQxYjQxOTc0MjdiMGYyNzAwOTI5OGRkNDExZDZlNTkzYTVhYTQ3ZTRjYmU2MzRmYTU4Y2JkYjlkOTFiM2VhODNkYzE2OTQwMzg3NTc0ODU5ZDEwYmNlMmZkMTM0ZWEzNzUyOWZiNzA4ZGZhYjBkMTdlNDgwYmY0OTcwNzQxYzM4NDQwNjFiMTU1ZTc0YjhlMDliOWRhMjE4ZDljODJkNTNjMmM0YzU3YTIxZTVjN2UwMDFiN2VlMzZiN2IzMDM1MWUyMjM3ZGMyMmJlNTc4YTIxNzQxNThiYzc3MThlMTQ4MmYxNjg2MDdjMTk4ZjJkZWY2ODJkYzM2ZmRkZjk0ODYxN2Q2MmVkZmNmOWMxODhiMzVhOWU5Zjk4NThhZTI0Nzc3M2FlMmQwZjQzNzYwNTFlNzZhMDkxYzAzMDAwOGM4NTIyODFkNzhhZjY1MDc2ZjQyNTE1MzE0ZWUwYmRhYWU1MzYxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com&t=jsonp&c=ggwq_zqcmvslhskc&eu=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 44248f1dd3921adc84897fcb35ac57fa
b4190859b763c727e987e22f9cc517a10bee3691
dc2a3d79e9d937be4e42adbf34eaf48e66ff0d0e1289c472442b179b792a9a3e
GET /AIDO/vyHb?d=ZW5jZEArYWQrV2xIS0poN0sva20zZk8wVUxqeE10elhXSDNYOGVNZG5KbjVjZDVtWGIvdi9lazMvRzZCU2JrZVlYd29pNWlwRk9oTXlPNXUydEM5dkd6emVkVHFkampvUU9jYlZIaCt5U0FaaWdjWE4wdE9TZ2c5YzRHRDZGbkhaNmpFWUdNSGg5aE1TM2pvUng2Y3hDMjk3MzRhdStXWmFIeE1CUXlyd2xRSDZRUndQdS9pN21YcllYTkkrcDExZkErenFaY3R0YVN2YURDaFJHbm9YWTBueXRUQWxVWHpWcm1rNWpZWnI0N1lhQXVsWGtTa1ZtYkY0Y0JwS3FDaDZ2T201RExISEdxNWVrWmtKNit3QW8vODROT1R1dlhRSnRvVzdvS1h4OGJ3PXw4NDM4M2M5NDRiZjY4YTIyMDg4Y2FjNGMxZjU2YWViOTY1NTVmZGUyYjg5N2Y2Y2ZlZGVjMWRmMjFiOWI2NWJkNDg0NDk1Nzk2MGFiZTQ4ZTBjM2ZkYWQxYWE1YWNlYWU4MTAwYzZmZGU1NDRiMTAwMmUxODA0ZGM4ZjdmYTNiMzRiNzBiMzQ4NTYzNTQzODNjN2E3YTA4ZDZiYjQxYjQxOTc0MjdiMGYyNzAwOTI5OGRkNDExZDZlNTkzYTVhYTQ3ZTRjYmU2MzRmYTU4Y2JkYjlkOTFiM2VhODNkYzE2OTQwMzg3NTc0ODU5ZDEwYmNlMmZkMTM0ZWEzNzUyOWZiNzA4ZGZhYjBkMTdlNDgwYmY0OTcwNzQxYzM4NDQwNjFiMTU1ZTc0YjhlMDliOWRhMjE4ZDljODJkNTNjMmM0YzU3YTIxZTVjN2UwMDFiN2VlMzZiN2IzMDM1MWUyMjM3ZGMyMmJlNTc4YTIxNzQxNThiYzc3MThlMTQ4MmYxNjg2MDdjMTk4ZjJkZWY2ODJkYzM2ZmRkZjk0ODYxN2Q2MmVkZmNmOWMxODhiMzVhOWU5Zjk4NThhZTI0Nzc3M2FlMmQwZjQzNzYwNTFlNzZhMDkxYzAzMDAwOGM4NTIyODFkNzhhZjY1MDc2ZjQyNTE1MzE0ZWUwYmRhYWU1MzYxM3wwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com&t=jsonp&c=ggwq_zqcmvslhskc&eu=https%3A%2F%2Fwww--wellsfargo--com--1c49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 10:51:15 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=UPk7rZuJqyDTrdmw56w5ZclhDa8qX9h5PgvJNWB0i0SXn1To6Bz3n5zfv4C44RcS; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:15 GMT;Httponly; Secure
_abck=84D7279E9DBC9F2454BE7987B0D44031~-1~YAAQHk8kF6y/Lm2IAQAAAaa7ewnZQpp1hc8QcAt543VVEkh8UxDfxR5sDwpDgwhFNbljB481S1PWm5ke4+wXZfhRml1/ctZh1F2WUM14T6sryKoe43pvIi+iUV7JtnmA03X7QgBL16Y1KsQKu4lNExEmdGUIWiYvviZYblK5r+mrUFlK4MYgxUpCeA/k1iwGBbO9bkRdT6bEZdQwFOG4scEX2v0cmtEOqX0vz+0+LjTzdDmoGmhwBVVAtFlyrNEv4HZQmza4i3g+mc2x4IduUSzsH7cW2UOA+kakIAN5PAQ02QJuLLbSlprHOrIfo8/SyJkF+NNfLMK8IDuFeD8VO1c0wq4t0yAA+XCjeyo9/OqvSgwC9vI0RZRw4sTA6RaP~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:15 GMT; Max-Age=31536000; Secure
bm_sz=ECC224699930C33C36DDFED9E2ED552C~YAAQHk8kF62/Lm2IAQAAAaa7exNJdas+LlU1g1gZkjgUQPMS4PqfYjv9nmRscK9Auf7j8E6r7nA4YnhB3TpSK8ImIel2GHMHzb4DobwORE1EWDS1Peq66Ufxsovux/yKmIUr+hBbOgOOleYzXz3LyDj4rQwAdUzRlPDtqBO8xXO7wiq93z5Bcuv+s5bw6+0ee6V6VZG5EJIOD5yL+1RxrtoV593nIQSjtvqOk01RkJ5DzFwWzJaAyIc9urttobtr7HjeSu3BM2LsUSqXGBNxl77hw1lMGRpmnlLcWR4BjhOoiiNAizUP~4277569~3753028; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:15 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 67817d820529347f92887ce328c2a7af
ad25f009530011993147ac4da5cb9b7d8a164a03
1c05e7c65aa75b2d487aac2f5f2a513b02a93bb05113746de87db4a3b15230c0
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2046
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtlENlm%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0; ISD_WCM_COOKIE=!TCYWhv/t7HHAJywMntjHYqEj2JIOPEpLQjfmDCGf3jUs6TDHMqL6S+iHi5uRbr9AsT/OtV22DA35ix8=; _gcl_au=1.1.705386660.1685703074; ADRUM_BTa=R:27|g:17cdd403-8cda-45ae-945c-471258aac087|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:56; _ga=GA1.2.459830590.1685703074; _gid=GA1.2.2090300715.1685703074; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiV1BPdElnSVFXNXdjN0NqUTRnNkVkZz09IiwiZSI6IitWc0ZzSkdPSHlKV0JPV2txNjJnTDVMb056elBsNUQ2cDdzVElEQmc1Uzl0MVFaTnZ3UWhGR2QwWmlHQ1BhWUFyNjg1Rnc5d29NZThSSW9zKzhzWVwvQWhaTjlROGVYbGhTZGxTMGZkbXBYMEsyRmx0eUp6ZWR2NVg2STRmbXZEek82b2RjZTJRZHFnQms0YnkzSGVPZFE9PSJ9.ba9086a36b9e2599.NjE3ZDgwZGFjZjlkMDE4ZTQxMGUyMDIzOWMyMDZjYjEwY2VhNjNhYTU3OWE3ZWNhMzRiNjFlNWYwZTM1NDZmYQ%3D%3D; ndsid=ndsa8u4lt97utsdlieg3524
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=XbbCVaxNjqhfL952UAtQ8e0dwmQxA3QgzYCMbiiPPQE%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:16 GMT;Httponly; Secure
_abck=5806DC6404298D356925B1EEABA0476F~-1~YAAQ4KDVF/4LuXiIAQAAoqq7ewk5WLB8tAoKpE/+/R9QmwqUtC/MyZUpYwd7QowbPfgTFUFDWPBFqhZ7TXQ+J6PniD4WkwO4hzIx+5c6GtsKiThD2QXM3jvt2Z9jO2zExcD0YP8toyYx9Odzsjr9hpFmk9za5istYUhTpegTk+deoxdjLTfLZf6WD2RiEaXHpdlRRCUU6bjV44qa5G/ntmkFEewVmmhZ2VfnQciDy3bWjOsY2ei99Hc+YTxrC6aQNoP9QSDiEmMH4K+Kf0pQ6FhsAB7eFNHMxCuk8nepKzFwuo4KPkLfJAwnGgl9+MPgL9pxU01CFvSeGfyi4xKhuzJHLPUoWm7UBv4fM93CvfYOD8W/VV0sfjJbNUEO+fRi~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:16 GMT; Max-Age=31536000; Secure
bm_sz=946D99616B26D87A43B528380FD65B88~YAAQ4KDVF/8LuXiIAQAAoqq7exMbNflqo6lJRvYEtN4ggcubz45rXrul5wvXycvk3IfbnD8/bUuzcxxAoBREz/Tm9WtWJfCJ3MCRMS0NYpDJJr0OJoBhgTdTLqwT3nV0K3TGJVc1Eekh9/C5YfOpz8UKkbzfBZLOQR+2tUXCdH0Ca7a8c2ZviR7F0i1FiD/FHYkzNLBWIb5QkktkZW2AKdkS8u7/zpF4ARMIQcmpr+XP9qrOgV+ivh/VkGQ76Kw8e0enKxSAQL1ZEcPa6tV8Y6f9C20COuPpovYZuwLolGJ7CYByoVHt~3225412~4474180; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:16 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a4_kf182_8107-15876
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.132.220200 OK 265 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 1ae6938ab7fce3e9f37c06036c6c38d0
383942569f0f359ed289414bd3e95541e6837c79
626ed614c4468d5f015086f312ddbb1c36f6ef75979de9da1af6724255ae2c3d
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 852
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtlENlm%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0; ISD_WCM_COOKIE=!TCYWhv/t7HHAJywMntjHYqEj2JIOPEpLQjfmDCGf3jUs6TDHMqL6S+iHi5uRbr9AsT/OtV22DA35ix8=; _gcl_au=1.1.705386660.1685703074; ADRUM_BTa=R:27|g:17cdd403-8cda-45ae-945c-471258aac087|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:56; _ga=GA1.2.459830590.1685703074; _gid=GA1.2.2090300715.1685703074; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiV1BPdElnSVFXNXdjN0NqUTRnNkVkZz09IiwiZSI6IitWc0ZzSkdPSHlKV0JPV2txNjJnTDVMb056elBsNUQ2cDdzVElEQmc1Uzl0MVFaTnZ3UWhGR2QwWmlHQ1BhWUFyNjg1Rnc5d29NZThSSW9zKzhzWVwvQWhaTjlROGVYbGhTZGxTMGZkbXBYMEsyRmx0eUp6ZWR2NVg2STRmbXZEek82b2RjZTJRZHFnQms0YnkzSGVPZFE9PSJ9.ba9086a36b9e2599.NjE3ZDgwZGFjZjlkMDE4ZTQxMGUyMDIzOWMyMDZjYjEwY2VhNjNhYTU3OWE3ZWNhMzRiNjFlNWYwZTM1NDZmYQ%3D%3D; ndsid=ndsa8u4lt97utsdlieg3524
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:16 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=3P3iYIT9Tz5Hf6gDzSQ8mnf3x9telQALaCWI%2fOewwy0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:16 GMT;Httponly; Secure
_abck=6655CAC76589704A12D1A800240848A8~-1~YAAQ4KDVFwUMuXiIAQAAw6u7ewlTjkCcYnPz+e+RmVwAZTs1aqYyfNjeFgdbLg/9rcJqvM/jqruQ24vTd7QAX/+ZnbyN4vzqRZbDubAuZiIJrkMyqizyNrY0Iilw3cmUlABUjzQ/GoLbN5wC1wYZpXwucmna48PY+bS+ryXE4Fgf4dxuxA/R3bB3DmO9owq/QQLvP6UxhT5+ivIGPwys9MmBG1T8hSAJFBy11mgyY2RJNW4evKw+cmMeU/v6M2mZ+aUaDxUDvxKED2Ylzlm8jjBVVe5M0OlZc68lKUcVneFaxhyDc9F6LfzleztiKsJrJC/Hl3HQljxJWZ88HtC4+NrcwjzISs4uEAL1p23t1GDlhe/wOe+yHXKUFXKYsjM7~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:16 GMT; Max-Age=31536000; Secure
bm_sz=358512AD5AA4E0A2238E23CAAB8EA02C~YAAQ4KDVFwYMuXiIAQAAw6u7exPk6sKR/ylz1HbFIXRf8hD8jvg/K+dym81zQpiK5til6XbeEZEwunQeOXreVSC9nm+vEX8K6o1rqgFGisNCvnut+YRjUi378+NxEhQSx7oOjOwsVfK1MtPFiqxrAzPRLpNYYpvaB8Y9945BjkLDatfYopk6jH0HRlO/VOFDdyML72X6O9jTx28n/eD21SnEDOHdP83Z6ytBoUnc5+3C7cfl+6Yi+QuoVpB1ygyVThAl8lka6tlPzl2aB3lHiC6D5BPgqDjLjB2nUnJ7ZE21dhg0Ad1z~3225412~4474180; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:16 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9a4_kf182_8210-11160
www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.132.220200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--1c49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--1c49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!W5r49P4Y/+fO8JpnfhFjdbQk89Ydzizd2dF/0yBhx0oSbc9OPwI8ldSBwcsQY80li9DzsFQRy9yANbg=; utag_main=v_id:01887bbb97590037d937e4dfe73c05046003700900918$_sn:1$_se:2$_ss:0$_st:1685704873603$ses_id:1685703071578%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ0YZLkD8g7F8CmqwHOJmcFaVrCF6kzP0gJmigSA9NA%3D%22%2C%22c%22%3A%22Z0ZvZDBvYjNCQlFIUndpeQ%3D%3DCb7MvMxmRIxB8w97d9H7mgLKmSlg16Euz_mcvXKYSeF376rWZ7DfkZj_PZmNMcp3W0Bh-X3k1dlBr2vnVSOL33nS19FfbtLACIg%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtlENlmxCrPEhWSgmsKmX7%2B%22%2C%22_fr%22%3A20000%2C%22diA%22%3A%22AaTJeWQAAAAAfHERWBy7SJQyFKva4lPi%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22fr%22%3A%22lsEz3ZwZhieKUfzYtb1HHw%3D%3DIbMrkSa_YYn9RnXxYGun0zHBIO4PTv6SQTEItG0Nt5a7ASUzhbN1-AsXpyk6yGrvTI8kcoy71HEhgmVplknueD4pwwVv1ei3K4tgu5v3NznDS2ar0_TWGRXuOolsK04Q1WO2Fyng6s7vMo8H6PBX7yq13i0a8Sit9PSzi0afOGpjROAd01nqcn8c%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAvaf7x%2Bj1XwC8Uk%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C62069262418767105896131097976890072041%7CMCOPTOUT-1685710273s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0; ISD_WCM_COOKIE=!TCYWhv/t7HHAJywMntjHYqEj2JIOPEpLQjfmDCGf3jUs6TDHMqL6S+iHi5uRbr9AsT/OtV22DA35ix8=; _gcl_au=1.1.705386660.1685703074; ADRUM_BTa=R:27|g:17cdd403-8cda-45ae-945c-471258aac087|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:56; _ga=GA1.2.459830590.1685703074; _gid=GA1.2.2090300715.1685703074; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoiV1BPdElnSVFXNXdjN0NqUTRnNkVkZz09IiwiZSI6IitWc0ZzSkdPSHlKV0JPV2txNjJnTDVMb056elBsNUQ2cDdzVElEQmc1Uzl0MVFaTnZ3UWhGR2QwWmlHQ1BhWUFyNjg1Rnc5d29NZThSSW9zKzhzWVwvQWhaTjlROGVYbGhTZGxTMGZkbXBYMEsyRmx0eUp6ZWR2NVg2STRmbXZEek82b2RjZTJRZHFnQms0YnkzSGVPZFE9PSJ9.ba9086a36b9e2599.NjE3ZDgwZGFjZjlkMDE4ZTQxMGUyMDIzOWMyMDZjYjEwY2VhNjNhYTU3OWE3ZWNhMzRiNjFlNWYwZTM1NDZmYQ%3D%3D; ndsid=ndsa8u4lt97utsdlieg3524; _imp_di_pc_=AaTJeWQAAAAAfHERWBy7SJQyFKva4lPi
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 10:51:23 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=rPR0ILoZ+UrevVujn7GopJbW5vRHLuPTMAsGo%2fSyALI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:23 GMT;Httponly; Secure
_abck=DEA2CA98573D8C48CEF656ADDBA97197~-1~YAAQ4KDVF3AMuXiIAQAA28a7ewn5vOpemOhKStJ8PujFx0Qrvrf8ExpKZNcHbImmu/3pX/6nN+RwVbfLJJ9H3w+N0SXDjPcoO7OUWrLQmJJSsm49m1ONiGZPFP4WuHG8Kq435ZKZmFToypBdujVm7kllizD0JXipoCEoMxWYiTGPiyG6MGmGm7GNLHYiCy0qneBzURw4N2O2SXIGC3d4OHTUeX6WbWq6eo6CaXrzGeC/Tgydp/Qpb6M6IZjm/nON6GtA+D1e1hMscLoj2+YeGLQGbuLacBJzhvgJu/cU4DSfHycDyD3hOXMuAq/GR6J/eGG1FmaYu/CQrYsMA7i+bPFXhu26LMI8DbC8d0dxdnspfSAQf5Px3HFtDo0hnJp9~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 10:51:23 GMT; Max-Age=31536000; Secure
bm_sz=B65E0AC9388D192E09CB4102E83639AB~YAAQ4KDVF3EMuXiIAQAA28a7exNZ8MJ6aBqpA2elsZHXw73aONrAdCSYt0+ULJ+jNEfZGR+Mp6+19lAx6v5yFCXEuyx41cq6WpuA3PSouAD/mCXgM68LVHR9IOjcRMdEAX8YaUAe61fE9rsl0vDQK5VTDS55fitwvnQp+pXj4IQIQuOe6AXiV6Bn65nNy5AHM+Wi+8838XVhnaXip0prYTdfatZdOBBWHb/s+ZY2iUyzLQal99NeyEhGyuIAtrToh0J4JY3cLB15zCbyd+eUpR9xlaP2ZT+DyaHN2Oz7eyRKKiuVRXRt~4338229~3749171; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 14:51:23 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479c9ab_kf182_8107-16009
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=2&cfg=32a3f9ce&pv=2&aid=
23.36.79.9 164 B URL POST rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=2&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 2fcd469f53b81f61988471c1ac9725db
d014e5ba1ef83b4ed392b5ee56d5d4bb73d1e0ec
070878617f82e350a1b5ca8d29055f9b0923116ef6222828bc89cd1d0a2203c5
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34119
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:51:25 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!Rk77wmqUfc3C2/Mq/D2JHXmrrcNtC6Ab3JXS7HDrVULCHQp85LnT5yQszwrtbEE3A2c4fLOXrwnpgw==; path=/; Httponly; Secure
DCID=47NndF1LxSqEjxWtu%2fGTnVtJKKUA5iF%2fIr0zlR%2f7hHKYBiWro292L3MTLmWu9wO8; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:24 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=3&cfg=32a3f9ce&pv=2&aid=
23.36.79.9 164 B URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=3&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (65507), with CRLF line terminators, ASCII text, with no line terminators
Hash 2fcd469f53b81f61988471c1ac9725db
d014e5ba1ef83b4ed392b5ee56d5d4bb73d1e0ec
070878617f82e350a1b5ca8d29055f9b0923116ef6222828bc89cd1d0a2203c5
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0&_cls_v=d7136a16-a33a-498f-a568-e45d949fa652&pid=0082b450-76bc-47ec-939c-5a59ced931cf&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50639
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_v=d7136a16-a33a-498f-a568-e45d949fa652; _cls_s=71a8a18c-7f9e-486c-8a07-475298b9a8c4:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 10:51:25 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!rBOj47PpuwLmPGsq/D2JHXmrrcNtC2ZpgW38Oo6YQ0dciGKnnos+659Kb4//VPNMVQhLJi1JD01ANg==; path=/; Httponly; Secure
DCID=qOfxR%2fb1IjTm%2fRuI077E6ej2P5BC%2fw0yUBsISMZQJFNfOM6xxRbLIu6IElGgnDpp; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:06:25 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
52.27.22.254200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:51:15 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
52.27.22.254200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:51:15 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
52.27.22.254200 OK 0 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 1535
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:51:21 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:6a5579ff-a3d6-490b-abab-d90ec0ec1bde; Path=/; Expires=Fri, 02-Jun-2023 10:51:51 GMT; Max-Age=30
ADRUM_BTa=R:55|g:6a5579ff-a3d6-490b-abab-d90ec0ec1bde|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 10:51:51 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 10:51:51 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 10:51:51 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:3; Path=/; Expires=Fri, 02-Jun-2023 10:51:51 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 1
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
52.27.22.254200 OK 0 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 52.27.22.254:443
Requested by https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 13335
Origin: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--1c49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 10:51:16 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:72483b32-28ea-492c-a93e-6a63cb93bf28; Path=/; Expires=Fri, 02-Jun-2023 10:51:46 GMT; Max-Age=30
ADRUM_BTa=R:55|g:72483b32-28ea-492c-a93e-6a63cb93bf28|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 10:51:46 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 10:51:46 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 10:51:46 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:2; Path=/; Expires=Fri, 02-Jun-2023 10:51:46 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2