ocsp.dcocsp.cn/
47.246.44.227 471 B IP 47.246.44.227:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 261098d4c3d8ebda3b6d02003230971b
1c0406a90de52f1ba4b928908b948603f21e6078
f999c469ff9cf945aa9a17bbf7d648f1c6462923f8963f28ee1a9b7702ed2805
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Tue, 06 Jun 2023 00:38:45 GMT
Ali-Swift-Global-Savetime: 1686011925
Via: cache21.l2de2[47,46,200-0,M], cache21.l2de2[47,0], cache1.se1[68,68,200-0,M], cache1.se1[70,0]
X-Cache: MISS TCP_REFRESH_MISS dirn:4:152784117
X-Swift-SaveTime: Tue, 06 Jun 2023 00:38:45 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9516860119257992946e
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
163.171.132.220 19 kB URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 1676fab520610f388b089dd5449dff51
f75ff71811d7625054d1f32625b62b46b7f95be8
b3e833b06f48d1bc24324cab6b2d4932de1b00c7f5b223140a4f142e93973dd8
Analyzer Verdict Alert openphish Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:46 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18851
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b9a30f65-7ecd-4243-8b7c-25b4f067c00f' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Cnection: close
X-Akamai-Transformed: 9 18779 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140; Expires=Tue, 06 Jun 2023 00:39:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Tue, 06 Jun 2023 00:39:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:86; Expires=Tue, 06 Jun 2023 00:39:16 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=112023060517384675906664; domain=.wellsfargo.com; path=/; expires=3 Jun 2033 00:38:46 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; path=/; Httponly; Secure
DCID=CUxupx3HKLFN1rQ4ZkNhDnV6Sea2Qc4533x5FpT18FpbQRqiXIXnjKPjvM4jvv+S; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:46 GMT;Httponly; Secure
_abck=06F5B1AD94FE28BDE8FDA60F91500013~-1~YAAQjtAXAh4BE4uIAQAAy1kkjgq3Sl2VW4FeQWYyBSuHJveY1nyyrKdUQdFyzm+7qnmNtsnwetoXxaDgJlsSdRwNRkNStdTIyX7k2fVAj2zzUgTsQpLt7hLA0bpJsyWT1Fbo8EAYZjt8SRjA2YpSusUeWZTKvLyR9Nxu9FFr5vfXrdEyWzzkxNBwLkewYnKHYO8cBZk3ZGyEPh1Ky7s4nGEb5Dyxg+46oWvEB1RW9Il1a6T+IAO6I2jXyQwLaix8yk1m/6pbExCydXLYZMzAkzZI5xaCm5hAFL42lGrrL8/0yaxwdnk7/OlzHHacpIQyaubArK8XOpXH5IDmgy4HK/9t0OY/p434koFsD5XT1UtcnmnE8oUhBgB18csOvfbe~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:46 GMT; Max-Age=31536000; Secure
bm_sz=7DB95EB8AA454E54FC308D84D6AF48B7~YAAQjtAXAh8BE4uIAQAAy1kkjhSx8vo9N9RnpRTauNQAr1w3alz2kU5SbFDfeIrB+/p7Kedrzzo4BgGCHbx7rUxJ/NwRaylgr+yycMSloThwXvDXwDMjw7C30QfmY2GjdB6Clf8AyeEn2SmIMwmA+EoszaRkCfzqLo0GP9UgdAQPfrm3iVOAUjqtLvYlN1Fh44I0Pxk4X9zVgsGLmzA9RuIqa6XFwqGJglAOQm2lsvRqbSFPvkn1YqjS4iLj0EoI27DnPkTn8h9fh34C4oHI/cU7pp6zbBkfjW/PMzlMdBhElfCh8vCj~4535874~3616834; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:46 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8015_kf175_12005-18041
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=866971
expires: Fri, 16 Jun 2023 01:28:18 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78 26 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=867180
expires: Fri, 16 Jun 2023 01:31:47 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78 1.7 kB URL www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=866993
expires: Fri, 16 Jun 2023 01:28:40 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.26200 OK 901 B URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Tue, 06 Jun 2023 00:38:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=W5werUgja%2ff%2fbFh%2fD0SI+Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL GET HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Tue, 06 Jun 2023 00:38:48 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11937-45600
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
163.171.132.220201 Created 76 kB URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash 0d61b4e4742d5251c44efcd5d8166a2c
04189d5a539c1cc84fee87994097919000f3434b
c394010c09ddb06f644c54c2cc3d1c8003f44f5668b7eb1e39f38e051ab7a5c6
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:47 GMT
Content-Type: application/javascript
Content-Length: 76203
Connection: keep-alive
Stored-Attribute-Sha-Checksum: c394010c09ddb06f644c54c2cc3d1c8003f44f5668b7eb1e39f38e051ab7a5c6
Last-Modified: Wed, 26 Apr 2023 15:12:26 GMT
ETag: "5b60948dc39561fee36fa77d7eef5047a16cbdb8b05e43f4f2fbc918f19cea08"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bAMmodhEVOEh0N1INKpjZg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=CA31439999B3034B41C2C0030C54E522~-1~YAAQjtAXAjQBE4uIAQAASlskjgouupqD3Pyt1hcNXszWXbydQ6Qe0LpBsQAIhvlWD8TzuXS+Z5hVkFInDpd+YmUfZCsLWcmCUsT2Cc0TbxZfk46qMwJuoy+0iUDJ1hdR7euq6lZ5Upl8mXU0Vjz3eVWyLvCyxnCDBzxBJO+CInhyPE0IbTcwKitF+O5deYkEMuv0pcpVOT9YUbpmNu2PTptV4UDSpGsUy2MvC2NrC+ft6/t1hWoGM+KqP3SL2WI7agzTN3TsaLbfobmK9o4pdblqpRvacbqtv8uKobCd2OFrK/bD5gBKnYEG/EfN+9i/d3oiqSzoCA57MuM7DCwyhMx4GoJ/XwxhE90wRhDhC8mWN8aU5Usjgd5RW68GeuL+~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:47 GMT; Max-Age=31536000; Secure
bm_sz=33D06604A127ACD7AEB413DD6E25C7A7~YAAQjtAXAjUBE4uIAQAASlskjhSECgk7OLnudvg3ZLSftg3iHyQZo7MQ3iQDJabpgjIdp0fcd2+19QyU6HNBhpyVroCW6OIEMGuFoFwfPscrB+32nsOfGqcgpNPCj0izATo9TsrRrQtry97LGD8UJhgVdwRScQCz6FqLjK7Ahk3M6eZUD16lq3isQjxAUsS2JLef95n9A9fLNkcx8vwt72RGDCw90x0NNQjGPTaWQxQOJJyQLzXYyfE2df9AfvEnMSyQwH2Sy6QMNGAg88rHNiTYkqysfWwj42RwaPHcRl1JChE1TzvY~3622453~4407864; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:47 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11680-49696
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220 24 kB URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:47 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Tue, 06 Jun 2023 00:38:48 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11950-1175
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220 58 kB URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Tue, 06 Jun 2023 00:38:48 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: W/"643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11950-1172
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220 4.3 kB URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 7d93c5ed9e7da2bdbd82314fe428e673
1cf1d96fce5aae69bb89bd710d301076bebe8d36
3be558d112861b6318db7aa21dfeb71c4381b4d96951020e61eab21e8368d8f2
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:47 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4283
Connection: keep-alive
Content-Encoding: gzip
Expires: Tue, 06 Jun 2023 00:38:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AyRbJI6IAQAAomN2vLyAbNOHPxPwfkrWW58xxg2Foz5ZjKSGHcyB0RfGAE75AaOrhK-cuNk0wH8AADQwAAAAAA|1|0|8be2c25f4d447b3c5cdd3bfb890609b32093d40d; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=hgjoUtiQEmTLdhcC6qCkxZ7sAHH9rAZMLAnAfN5XxBgfTOujy1Gz6e8yUahQxHiL; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_12005-18058
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.26 16 kB URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Tue, 06 Jun 2023 00:38:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=j4duaS0g27l3R2owaS+kaA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=15475600
expires: Sat, 02 Dec 2023 03:25:27 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78 22 kB URL www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=15479482
expires: Sat, 02 Dec 2023 04:30:09 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=15371770
expires: Thu, 30 Nov 2023 22:34:57 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78 22 kB URL www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=15480364
expires: Sat, 02 Dec 2023 04:44:51 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78 22 kB URL www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=15371774
expires: Thu, 30 Nov 2023 22:35:01 GMT
date: Tue, 06 Jun 2023 00:38:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEBPHI6IAQAAGC1WE7ZXfYPIs3Tb3I_KdkVOvHF6E2Nfhf7cNT5e-itWep8W&X-G2Q3kxs3--z=q
163.171.132.220200 OK 149 kB URL GET HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEBPHI6IAQAAGC1WE7ZXfYPIs3Tb3I_KdkVOvHF6E2Nfhf7cNT5e-itWep8W&X-G2Q3kxs3--z=q
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (149095 bytes)
Hash bf202ecbee933457b412f6b879cdc8b4
8b526eceae2ec5e2405899008befdb613a6a96bc
d49fea6969c3bcd6909ab5303308e58907bf37c6fc15b502d2134be0cc87a1a5
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AEBPHI6IAQAAGC1WE7ZXfYPIs3Tb3I_KdkVOvHF6E2Nfhf7cNT5e-itWep8W&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Tue, 06 Jun 2023 00:38:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A09cJI6IAQAACkm7497h3Z4REOY5WUnZSQi4hADbWqj9xySymi928T95p2PaAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|385d4346ca0895eec17522083af39b377a2721f7; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=94CuDbgiiP5AU4IbugTGtfVIC02cwVUVQoLiS06AkI0zsZMmCzTSO56Y9cp4fxm4; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11680-49703
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2055
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Tue, 06 Jun 2023 00:38:48 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wLTkCL4PUj48cf2SQTgvkw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=wLTkCL4PUj48cf2SQTgvkw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=A101B62162A2AC7C954E037655516D82~-1~YAAQjtAXAlkBE4uIAQAAI14kjgpjtwHYVohcoN2OaimcBaggm1BmXK5agv/dGAAzcmE7jSgXWvmuXUi9PXpHAWMxYXBAZewmBbAZmvXCErZMyAEmkANsj0s0AmJ+hdrXwXLJaw4YvmnTAoyIFxBSnpGWIvM9C3TgCd6gbKzdORdgz7B2sY/QQzIGqhBRhsDn2g4YBongSUwlvJxSHsw7Plv/Fvi86n/EAGEsAKGt7TGLaGaFgY72W7CRl101Y5AIvq2szcTFWUaNktQGF7115np9e+3kao8wdrCqJfCm0mM50pUhGAcDddwc2KQdDYxNNzIM/XQtAkmng+y8C8XYV/eelorKYjrXcFdqvhDNa9RjAZ7GkCKmUqFoKFH5HdG3~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:48 GMT; Max-Age=31536000; Secure
bm_sz=5BA37E07BC8D316FB56A39E0AD4C5D9F~YAAQjtAXAloBE4uIAQAAI14kjhTxQPIBgXvhFmEZ8hRAJUt/JMRR3T/apxF5SEFLNLJ+A4HeEO58aUB0oAoKSDJGnJtPMovco87HK1pMahiRegll6u+lCkwUExiUw9MAyuBSP9yOz/Ew9rVMPb1nrrDoCiYU2OgNZc6QKgMcYnXRh1gqAyx8xRH+s88c7mhy/mVtKcPXK7+zUkFFnfjD5zXPwkipZJgt2gatPTmEkJRR9UxKWS9f1jyJSKUhipkqH2Gl8SY86VlAdEI5fnZxmtzRhYBeNEpnGJSRGmyKHbFIpy9NJFRe~3622453~4407864; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:47 GMT; Max-Age=14399
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11937-45606
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220 2.0 kB URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (10429), with no line terminators
Hash e418d6981b2b7ef2dbb4d86aad519b6a
766d62155ef8808f0592acd3cfd626f8cf6a743c
5241f8253510d5c3647fb724dd83dc31bb0ea68a9b8412c860fdcfa8de5d6f4c
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2020
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-053bc07f-48eb-4613-bb32-f78958934774' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:86; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04; Expires=Tue, 06 Jun 2023 00:39:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Tue, 06 Jun 2023 00:39:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:177; Expires=Tue, 06 Jun 2023 00:39:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202306051738472020428115; domain=.wellsfargo.com; path=/; expires=3 Jun 2033 00:38:47 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=6BCD514FC6A6D2028C1D66ED74C7D8F1; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=eSZfe3bOcNMLPSnPv57HDJtjrPVZleG+3wjj8j7FA8QIGtROpxT+V32HnbIPKBQx; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:47 GMT;Httponly; Secure
_abck=AB55AADCBFDD7BABE0816E5CC677D129~-1~YAAQlNAXApyeXXeIAQAAKl4kjgpJgNKXZdd/hsx+Q79l12HaArVouTKugO+pcTICVryi3qwipvj5G+5fNhV46RUeHspT3C7F6NcA0gpj7aA8fA3RH87//WaC6s//A67xTjGberyq+jN5CDG5oq0WHQYsBMqD5u3ddYyqe5ZOVhT4i5SlJ9vSBMnVDtdmaeTgddpNyRGdi7IX7DPZfcbJDOkbcMPL7ExkUsNJ46pdMFI4OvCkHiYhJzKw9bjmR5TRtRNUUBgiDigvpzQmge/L7oalQplxtYd1UTRz+ecQ+qWQNH5DFa9gMl7J4jyUlXu1Kng3lC8zg8IVQ52loUmoxYMkmEFG/XjJd5olcNFGpyWuSwLaH8uaSYXuNTRqJvJ/~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:48 GMT; Max-Age=31536000; Secure
bm_sz=6139A20B1E381162FBBD39889C95BACB~YAAQlNAXAp2eXXeIAQAAKl4kjhQGMV5QLUhHv70l96didhhQca/bGdz6MLQbDJ+oV5qrHxb7BN+kuJatkTioPgsdFurxBZyy2i8BvxOiS+SszZTOLP/ptyHfIJ0q0KN71W9ov+Vg8KOjB3LOfrdNLQGliL9m8pH8wfuqBgXfGsFuiuz9xftfBs59WTgEjCl4iIM97mGsthUGfw9o89PXiMGy6GhD0GIhqT0H+QZ7565BUJzSxWTVwdC6zb5f36zrdoUb6/3Q43z3OspwXtQ4cnPX/fH+15TYVcAXm7Ja2va/j0qQfgcZ~3622453~4407864; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:47 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11950-1181
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220 313 kB URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:16eb86cb-df62-493f-9cc0-618ccbf6e140|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:86; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Tue, 06 Jun 2023 00:38:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=pD1FTtER9%2fL6boc2H863uCCsgjZ5kEyayrcNVzNZwGlnWeZsSy7j2GQ8m%2fnJcX%2fQ; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8017_kf175_11950-1180
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.9 55 kB URL c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Tue, 06 Jun 2023 00:38:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wvTJuii2jYyfI7e0BT0oLg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13006
expires: Tue, 06 Jun 2023 04:15:34 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78 964 B URL www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=867166
expires: Fri, 16 Jun 2023 01:31:34 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2715
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Tue, 06 Jun 2023 00:38:48 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=h5U2c+LzeGzl1Lo86AEYyQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=h5U2c+LzeGzl1Lo86AEYyQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=B704CB4853E8DD1135D3FABE05EB85F8~-1~YAAQjtAXAmQBE4uIAQAAHV8kjgo+J+AICodVCOuIVFlzrk6peZ1bxvO3UXGaoruHHjvIlthpPlTlLOvEj5osbIsi1BU+KRXnmokg8U9wzXbw8RkKiW4FDHoEsecWuxznskvzQfQlHRXOyJIe3q+NlHMdFQn/IHVL8u3bUs+MVVLNwkC7vxkMcOM5qjd1S2smA6+EqsKRFpU3kTmUnGdZUNtJYkFSthA1Wf8B3onDz9q0wi33sAorVUVQ9jx3jy6pVmR03HbyQJrnks7VVLK483TIc3/fjqqCtL7hGkwBKm5BsJ+t9yIXO7r8zJ3+Vzc5U1UvZ3OpovyYIFdE89H2bo0xp4RWjN5Vjy5G503IATK9rVvHOIXNCyVwiVYnfyfJ~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:48 GMT; Max-Age=31536000; Secure
bm_sz=D42BD6656425EE53104CA486DA56ACEB~YAAQjtAXAmUBE4uIAQAAHV8kjhTFsmplz0x+gavC1rABfQ/DYLG1KjScuIXVsSOZCfGiBJJ9W9paD732EaWOT26+02bA2bMkvQErgAJoLhKxWIlXWsD5YKLGBj+SHKbc0iLPtOuKXajliQUZ+HpykwD6I2hrCWBWg4uSWif/Mmh+dnbcZzsCre+tY1/wpOo2rD4FsWRg5gSVqyo36l3JzTT8FnVPJMkcZKXbYCptHkg1IdfJ8uuDtX8IzH7JeLbWnalYNzDVFniqghGm7vnUQymfm/ls9yLSZqawK8StkpzlsXCzf9Od~4274502~3289412; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:48 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8018_kf175_11950-1199
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg
104.110.27.78200 OK 1.3 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 9a1eae7d2190524a3314d76363aaeeff
f3ac6dec3572f491f1d5b914974858bfe9751566
4774cc6c28fbd2c229c3460b3669b7348db73d3477407e4e82112ad3f037cb6f
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_hppb_savings_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c9c0-5f1d"
last-modified: Tue, 16 May 2023 13:47:10 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/avif
cache-control: private, no-transform, max-age=824887
expires: Thu, 15 Jun 2023 13:46:55 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
104.110.27.78 44 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 9534a04615e76afcd0a4dda5cdf8dd7e
516d3a11907386abf70170a54409523592c068aa
d7579baa6c30dad3cc501d73364183349ac085fcfea7c2af16aaa11532bc5907
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505837-def7"
last-modified: Thu, 20 Apr 2023 01:40:39 GMT
server: Akamai Image Manager
content-length: 43802
content-type: image/avif
cache-control: private, no-transform, max-age=867754
expires: Fri, 16 Jun 2023 01:41:22 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg
104.110.27.78 27 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 45a212ca9acc61f0bb2570fad9b1ef6d
0766da6abe3d736412ceba81a699a55110feb6b5
99dade4264e8d662c215bf128f8911bf7e53123d661d9783c0a4260970fd51fb
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505838-e489"
last-modified: Thu, 20 Apr 2023 01:30:25 GMT
server: Akamai Image Manager
content-length: 26587
content-type: image/avif
cache-control: private, no-transform, max-age=867073
expires: Fri, 16 Jun 2023 01:30:01 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78 562 B URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=867063
expires: Fri, 16 Jun 2023 01:29:51 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
104.110.27.78 13 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7d601c2b059838fc333feb0e3e020fe1
f57bc430ce2a2b0c146e8d573569367c6bf75bc3
dd412907ae375cbc6e9882290356cf22bc0c669ae33f831039e3b22168117810
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c53-e73f"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 13330
content-type: image/avif
cache-control: private, no-transform, max-age=867076
expires: Fri, 16 Jun 2023 01:30:04 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78 1.1 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=867039
expires: Fri, 16 Jun 2023 01:29:27 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
104.110.27.78 1.1 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1be95b0b232926a8f3015e422dc7d26a
9d9c8a27b6a0a5fceaf3a36da19296e9822b4b2f
8351da32a7b86365880337290fee8d5d3c3bf9f6b0bdc7ae8c8991930c63dbae
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63617b6e-da1"
last-modified: Thu, 20 Apr 2023 01:30:33 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=867122
expires: Fri, 16 Jun 2023 01:30:50 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=867134
expires: Fri, 16 Jun 2023 01:31:02 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78 962 B URL www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=761911
expires: Wed, 14 Jun 2023 20:17:19 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_o_enjoysp300_1600x700.jpg
104.110.27.78 2.3 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_o_enjoysp300_1600x700.jpg
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 3ce78d6dc48322da6961f79a42940dab
528dce02a84b67925d3e41632eaa418f0de7ad23
a137906477e02c4e3a756f805d90072a0c2e5c0d50290f0932de573ab29de76f
GET /assets/images/contextual/responsive/lpromo/wfi_ph_o_enjoysp300_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "641a0e62-1da30"
last-modified: Thu, 20 Apr 2023 01:31:14 GMT
server: Akamai Image Manager
content-length: 2317
content-type: image/avif
cache-control: private, no-transform, max-age=717680
expires: Wed, 14 Jun 2023 08:00:08 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78 712 B URL www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=866996
expires: Fri, 16 Jun 2023 01:28:44 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=867122
expires: Fri, 16 Jun 2023 01:30:50 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=866998
expires: Fri, 16 Jun 2023 01:28:46 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=867279
expires: Fri, 16 Jun 2023 01:33:27 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=867016
expires: Fri, 16 Jun 2023 01:29:04 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78 31 kB URL www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=866964
expires: Fri, 16 Jun 2023 01:28:12 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 831 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=867306
expires: Fri, 16 Jun 2023 01:33:54 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 463 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=867118
expires: Fri, 16 Jun 2023 01:30:46 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78 405 B URL www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=867421
expires: Fri, 16 Jun 2023 01:35:49 GMT
date: Tue, 06 Jun 2023 00:38:48 GMT
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.9200 OK 138 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zqQazsGYuqUB2YBTZ87t0w%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 4498a743559c10572308cb1d61287e9d
eff03cc2e849c4f706e6347fff65f35daffcba2e
3fcd7c7fb621e2a639f86a15bcbbf4ec4fb9613d433a4d7928172ba6e161a6c0
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------10444020913078550933541226917
Content-Length: 169
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:1$_ss:1$_st:1686013728181$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SKgG8mMsWFkITkorkdPIG3u+AniAzOs7JJu7m6vV4e0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
_abck=74C6C5A8F16DD898AB6E8A2F16BDB219~-1~YAAQlNAXAseeXXeIAQAAFmIkjgq/IKfThLNLyNxk3f8D3rY4kijmBoY8S1t21mPNSTiLPzZPH/4ymyeMmpl3QGZi0TjyZVGtdfFPM45pgyoL7qeI7nb8yHM3QJa84l5VRJCjeUVyqoffSxQw+6dUP0nDzj8Svl+yrQY4bMv+gF02S6IBPP6b9BN7goV2ggrp+ShGG91hENedVEulW5lKzd4ImJ1IHfT+orpdi+Esq51v4yL/fHq6NkHOw5D+SgNLUGySq+ZcFHtuK518gcTEVNmR0f6TnuevZxeRjG0YWoUI//4wqKTrp1WnmnipZhflUxKPCF2Jybvzd8s5lQN9Fiy6T7MGRODEoijKoGKJu4pSk4Zy4uw87yNgMVmW2G3G~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Max-Age=31536000; Secure
bm_sz=674A1718080A8994E541023FC5B00274~YAAQlNAXAsieXXeIAQAAFmIkjhTYfwSdHfek/7zzpfpbItnpDwfmwBLyuqaZmfX+KpuHY966Vj61qp/8N065RZd14LDAZH8I+OjSp03dzaw82UDhUFI0jrBH/2WmAFYftaHEi+w40L/Jtt7o8nQmzX4Q6/T4HPFk+ST0VVFCNnofpOVHK5AXQ6Sv+se6BZOPUXppeM621axoHa+msdhYFJd6NxiMmdCuzPujJ8ISk76MkCw+aDOtbtyxEEUWf86wZ2OKepXIK3so3sX/VjqFiEi8iSP7mtBg6f7gVyX7S9/1Ub73yK0p~4274502~3289412; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:48 GMT; Max-Age=14399
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8018_kf175_11950-1209
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26 14 kB URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UOtwNZiLcQItufs7CMRGzA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.34 571 B URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
Hash 6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=d31jLbyIdxl2dcvXjjrTD2Xhqz31hM0OYA6uWnLf2JCDIGxjwu7eYk7cki8dxqzp; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=iy9s42kxXIe+Q0KN9Ez9sw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26 16 kB URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MPdj6j33foRnLP4qw52D5A%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /ooE2ErVEFFlcXBal2eBrNKeBYrg/Okw3DbXzJtuiEb/ZVpVQG8PAg/b1x7JF/18CjU HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2619
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:1$_ss:1$_st:1686013728181$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=voLzwGF0UwvDIaSjavEXyg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=voLzwGF0UwvDIaSjavEXyg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=0F8FB69A08B2ECA768317C44732F5F96~-1~YAAQjtAXApEBE4uIAQAAS2MkjgqmJmIpvo2IpnFR9zHQMwuIHgB85/TjSsmvkjcO9CFUMJHKh2viUosoeeIg0KCxRzJva9IG0+KGvcrtV/n4w0bgputR9zkrMpS2WltVrPKnY9XBGHZTAW8zKXKC/fz25q4eCAJQ++gI0IxSGncrw2I4phcfjPnKNIO34RJYjfN5io6dvmuvbmmMkwYIKVg5jB5Yi9rRp9C+jOeM5a8ytB3oHpQt5Esc/Pgdgof13cSoQkl2azAd56keRj4CpBSV6XTD1Nz70174X1tyvCvpAUeMaJY8nBxEbViYAevJO1x+XNwCHopbddA84V1Gxn+zCNwwVWuD8rCYD1wI2gHN6NdoKDwPpwldgGNs0qFX~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Max-Age=31536000; Secure
bm_sz=608AA5AF27C07AF3872570BBF90FE13D~YAAQjtAXApIBE4uIAQAAS2MkjhSbYle2rbDBTsu3j222IfwIrHyCcZxZqzHM7p4HfiwAGnha7BbIQkLy4HC9V3nn6RcH5FK/tcT9JMjfSWBpPCXXVJEIDwt321qEhwXDMzYasACdGzrFTwZ8RgFcoxgK4QVwBBpVVx826+gUkAdAb6wkiHHRb8enRC/NDR0cnL6q/11R1Uucy2mnq739+6zYrv7g8L2u74+D1eGZypxBZRKXC+dYMBMGP/iTMyvBV1gurAZ0gkTh/bH3HgjagDEjR4dxWMVUByDzjc/CIvCXAvjxhApM~4474433~4403510; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:49 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11950-1213
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
23.36.79.34200 OK 24 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af
GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ETv%2fjkWoPWulzDM%2f3jrbVg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
23.36.79.34200 OK 39 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d
GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=6M7b81%2fopdlxlYift4nUCg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928890&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928890&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928890&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=CjBd6avpOn92xQgeaeceTLSG%2fvPRNKm11ZCAZDT67KjQE6%2fEnEvUjROEge36fxVZ; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11680-49736
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 967 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash cf96d4e7846890c02dede35125bc0fb7
d5681b8ed5cc8a49a6395a23dfe64adaf84f359d
4d502e3887679f057bc68053038f15b26560bdd496ef2911f76be642c6203bb7
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-7c992b2a-8907-4b30-b322-19bd19322593' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:177; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:8201f301-5093-4883-b154-0f52d71e5b9c; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:8201f301-5093-4883-b154-0f52d71e5b9c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:53; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=9001D2FC71389099015897039D8E3212; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230605173849937416493; domain=.wellsfargo.com; path=/; expires=3 Jun 2033 00:38:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!i3tpTTWzOdpQnqwMntjHYqEj2JIOPPYr7n5h9zWQ8v8Ejb5h50m8q18x3nzgvWnWrk1QYfHk7r97adQ=; path=/; Httponly; Secure
DCID=fYnHwMvvR3gnomCgQ75GHcG2ndDBxZ8rchfnj0yvNFqjMCNZ6+zPDb7cA6tp6y05; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
_abck=65B0CD739F18F36EAC0FEFDE79D6D331~-1~YAAQlNAXAtWeXXeIAQAAQ2Qkjgrxgv12rLc6tEWLsc8qAoeslQm44fh/jYztW+TW9he6Ay73FDC8+6bAmsG8S14Xvjxvx/TbgCYGGcvS+rcajs4gwX/zaR7jRobdSHBNFTQ2WIsGTiETllhFWnykLkR6dIxjHzBop37HNQSjLxAz8qchFOE/lMSEnJYfy+7e4q5NdbVZia6G7sAS1afEAUJExD7azZD13F9oC6mPdb2xrSaA3KzDhxmluA1CyNmHsVKsmpDVBafZwKzgrW4DCHLvE2cvh9AAmtaFWLVnjcQQZLo7QdNYtSGuSxlrpAlfM5MAGdh6dn/7f/m+uKpNiKjnUEFsFrMDUzvnUunMZ1R/WXBgLWRZJR//IfMNSl0E~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Max-Age=31536000; Secure
bm_sz=580559422AF9C377BD756B9FB9D5AEA0~YAAQlNAXAtaeXXeIAQAAQ2QkjhS+A5AmWDwcztaptn1/3JszH3vyTSTQb3tAQd1M2+80GYyavfseqTschZFtHG7iYvoBTOoil3H6aGjxLwSjyvB8/ss2UYV7PRM7HM7gm3z83ItZgaO59JmMvAbosp2Wl108sMLq5KCsG/x9bxWTvNnJGwXja2/d8onX6Z/VW6e225WP1EKkfLySazSLqQhosrwMKyCouzL/Ng3+NZvYfwAYn0MJPBjZ8V52eLEdYhGI5qIaG1m9R13M3znEF2W7pWUU+7CkY8tme9YLReOa8gJ3wuvO~4474433~4403510; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11937-45659
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
23.36.79.34 3.8 kB URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7626), with no line terminators
Hash 376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20
GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=k%2ff8wh17xXK1%2f%2fQ8qlCK3x+xI2SuCGiRzPNL97ZhgYHU1cdmI%2f+g+l1W+FXWkevU; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.9200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=EoFN7cLOW4TxtLfRuEqfGg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.9 45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=dbQvNb+hYJOlUNbssKJ9Sw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928946&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928946&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928946&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=bhWCAId48cMmbGe6kFTJzt6OXuz74lGNIVuiRz9f3MjLQK9sDHVfrGfNXIW2bNaA; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11727-60919
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.34200 OK 150 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 150 kB (150351 bytes)
Hash f3736d1819d9aa501f188c6f416e02b5
4bd906a1ea9c8ba95e50b99fd9563bb3cf0ec4fd
492306e70a1116e7e3cc3611b409f76313ab0975a5e6c078227532817a284b07
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 06 Jun 2023 00:38:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A_FhJI6IAQAApsg-kOdkdRArnXv3uh6oOAfIggb4D6UKyi-d4IETeCybFSpvAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|0fa2f18577054fda250d6bd8d3b5be7f2a9abb74; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=MS88zgNHrTHn5BuEaiQOB9BK8WLtDBzAh9CkOXxaPuY%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928967&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928967&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928967&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=FiIP8+KZGJ1pA3j9ypGZv0o2FewwNLIcEnJi9tZ2sedSoYaKqw8PG8CceILQWFY7; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11680-49740
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928972&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928972&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928972&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=DEXeVpGg4wMFqw+HdFfsIZxHDnW30EwIO4h7Boo+%2fp12DT8P%2fK4mvWLMcDxscscj; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11937-45662
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 973 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2441), with no line terminators
Hash 2f95a6d8166721d9fdd412e14d2b55b9
20d9529bfc35f25e09918a0458b581d766a6f2a2
542097d6dfcb1cc9cf043291494c94eb4e62e3795f974ccb06ba035fe63d8c4e
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 266
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 973
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-4c703817-ddb4-458a-abe0-f908f7f2645c' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:177; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:aa7a7eb7-c8a3-4611-b84c-91005baa3684; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:aa7a7eb7-c8a3-4611-b84c-91005baa3684|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:61; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=C74727F87E5119DAE38C89633059A3B9; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306051738491978482408; domain=.wellsfargo.com; path=/; expires=3 Jun 2033 00:38:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!HTKvr9ARx0MLy5Hz2xKqB3cO2dndHuvnC8wj1i1OYC3Ep9mAOl6h4FHy+3zTNT9p0Bl3eaZ2fTqnXno=; path=/; Httponly; Secure
DCID=6cxCD+C0Ag0zorC8066BIekt83QCMsTQebrqmEEtB5USSwyYGq0Fm2VX+JMnOwz2; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
_abck=E5D251B559374C69D672081C94DECB2A~-1~YAAQjtAXAqABE4uIAQAAVWUkjgpqbXsRVv4So+uIeZf5GspSjx2Lp75i8CDi1vadM4G4QVZyDvHFOUc+YdYC8pqD4h3Txfus+cJngtW3gl1LINVjjxOHsiA7C8ykwirG2AXx17Q2sbKaF9fXzWxRuG1+C/VqEcsct+EOQcRE7F6eGkEx+dEZwImITpSuMZTva5GC/IfBUvghRA2Khgr0Hn4oZEPrAPqEFJgrQmECaYqTPSIjNyGClZyxHvBcEkWLZyZfP1FjH7veBxQDZkjZ9V4HrgGl32k/nPeP8D04dJxPlm+w8Prf3z5VrdsYWwdM5KbZ4x/bXYd6J28HW2q9vK7e3LfuPVjKoyt+sq9+/KO2bUKGiU3hN1r/NISDOBF+~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Max-Age=31536000; Secure
bm_sz=EF98F8AA9F4DD4DACC4435B817E59350~YAAQjtAXAqEBE4uIAQAAVWUkjhRUY1tr5hrlQYSRl+4GdhOK3sKWtXoTXTf9AAU2AbCB/5MpFS178Qaqb9dzIUYzzBEm2x7llwoY1UPsHAFDb54toZyICLV1//bhL8iTZ9CTOBnTAbvP7yfi+2lu2cWB1tIp4fEbxcklp+CR6RFvsiSFN7y/Fj1vxRVocKEfnIJCgcjCp7WIe02BjbnWwzx5Mxkp7GJlEB4mR95otB9pKZh0xygcF5aRhTeG/oCT1hLImBBiEHZerpwEXLu1CDLLjF0gKtELFVBhit3WwHP0JFkW24qa~4474433~4403510; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11950-1217
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 967 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2436), with no line terminators
Hash 3bb3a83c5acbd7bb671d613cf433c59f
c1e55989786dd5970f829a4a8e98fd482dc1c2b2
5cd183a5633a3f7938d215492f5fc632a08b1536e08b84ef8cff538a03494853
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-f9a71bbd-c652-4852-a71c-29699b57ae51' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:177; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6554ac41-6463-4233-9933-6dd94c6a24eb; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6554ac41-6463-4233-9933-6dd94c6a24eb|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:20; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=1E80810B0B855521B02778F4A8D115FC; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306051738491439536142; domain=.wellsfargo.com; path=/; expires=3 Jun 2033 00:38:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!GpqXhcSTRHbp0DMGl7IZxfIs0wroUc4E5+TfAKV5qdFqBWpvmn7hfhCyrtXaphScD1aC04vFcq1cOS8=; path=/; Httponly; Secure
DCID=FXgEsWgH6M2AllGy2aE3zBP0rrlcHVxu%2fwtDK9vyVFU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
_abck=F00F14D9A93E1F60BEE4AE040961E28F~-1~YAAQlNAXAuGeXXeIAQAAXGUkjgr4kOeKeSXj5tX7/HhE+v/SYTmPkI//l/IoE1WWAOP+fSOR6eDglH6iC3Ixm/gT0hnzUW4EqbJ4XY1rsvgJTGKjEBSDnWPLWkbjd9DsLy3rWirQ5gzrztj0UEd3pQGLJs7k4m/MqZVNgtFuEtCF5+zZZOK9T8ZFb6TwYMr/87gCMMWyPKeyecsVYgBxFh/NTzWO5C+By47vc839UdCzbUkmF0w36U/ykeMZhNcOxzD+uLGGJ/QTe3ae9ih57L/E6u2NTveIAC/1dRzaIVgBu8G4t33q9THdNHJA0AMeUYFKMO0qYa3Bk9nsoNX0Porsrgbq+4ZW2PYXHHb87j+37rIT/VP1XFTePpEigX7P~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Max-Age=31536000; Secure
bm_sz=C63BCB8350A0895EDF5503CB6EC83DBB~YAAQlNAXAuKeXXeIAQAAXGUkjhQ/pLv3dUh2MxVWaVmohcvjbX4EmaqDHCSr4XRpF+TP3b3507vyfkuXtJVz7PGfbGyPc90c6RMAx8NLs+X1G/BCTLI+M/M0p9gMF/oAsEjsTJhD1Bpni4QibhZRGEVgk62vs65NlEqq3uF7kYQN+J0sBnI689icJ/RF4hsJfd32ZjpA1IvFT1ygravBaWQi8LBphkcgujHQBzRapXRWM6MZU2lefubh44SPtJJ2hhAgNUJ4DTouEt8KEP4T9qUfGulS14vdfa3D3kpFJNPzwvhxfMIx~4474433~4403510; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:49 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_12005-18116
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=c68048ab-0183-420d-a156-d5abb177818b%3A0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pv=2&f_cls_s=true
23.36.79.9 1.1 kB URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=c68048ab-0183-420d-a156-d5abb177818b%3A0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pv=2&f_cls_s=true
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash 25c9eb7e7b7f8c67dee2bfd2a03069d1
0a2cb109f3c870b8f31dd77aea1da08113479fd0
8fd66f372c7695399ea9922f81c672cf88b8f6380ae3a474b92074bb4a8324e2
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=c68048ab-0183-420d-a156-d5abb177818b%3A0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1145
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!gT6F8RGZa24TJ/Mq/D2JHXmrrcNtC19yChu7166t3vgikehuksi54IeODsie/2FAAGKJxdDV8szWKg==; path=/; Httponly; Secure
DCID=SULjME9wicyEMJnFI8d6P6mvUgnE+CobGTbc5G1IK%2ftg1BWY8yYS0SyHsJIS%2fCsi; Domain=rubicon.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.9 45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yFJsW1lwl2nN4bIEgR4gIA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.9 20 kB URL c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=6hyVHUDLCKKjS0SbzOE+zg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928977&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928977&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928977&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=bfgqJOZxbjSV1UpEbKR+bdpZU6p1tk7Dh2EKMFaJ1%2fZzQnltLUSy7YU7wFJsIsvd; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11727-60924
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 967 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash b8bcd39b318eacd3b3c70de2f3a54225
be7f38ccfec9c82846dd80606ebc106a7745f424
eeb5136463dca87b03934cae1dc923644a1a1bb7115d1204f96d1ec93f646928
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-d3c12852-3503-4228-9798-9b260a932e1d' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:177; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5fb22f49-b972-41ba-9c96-199acd10e72e; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5fb22f49-b972-41ba-9c96-199acd10e72e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:62; Expires=Tue, 06 Jun 2023 00:39:19 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=8DA6639617FD2795702EACCAA7A07008; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Wed, 05 Jun 2024 00:38:49 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230605173849104323360; domain=.wellsfargo.com; path=/; expires=3 Jun 2033 00:38:49 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!2Co9BgWE7T7WLeDz2xKqB3cO2dndHr+MnH3DF8Jlli9J+6GuiGmOJqO16tdSbBMZOmE+G/0AxnKIQt8=; path=/; Httponly; Secure
DCID=k23Hf7fGHUMx9aAQX09f7a2oTOrol2vdGtzkjUe55ZMFLIbiy7qy1aNX7VYuI%2f0s; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
_abck=C1D591BF51064AB7957E886DF4B78727~-1~YAAQjtAXAqkBE4uIAQAAoGUkjgrZhxqW1/n0nBKUMTCxLNBo96Kqdg8a2WqBDins2Fbg14KLvERiBgvMF5UKnBX2lnEzjqg6+pHvCHguWxsK2DAGqb8PvcCbKGlxw+ZMrmoGTsISGnDhpVLFamtj4/Gx9719boZgDfQETFScHMOquVT/dQLctwgXalQPNAY+PI5HwQuaC8+Pt5pGIddve3yu5BwqTfim/NOoankV3Kl8i45gdjfWlFeF+EWtLCEqo6Frt/rgcqIwMYOqyv5sAJD7gehTL4RwUE2xzs/1yL3zV7nkmaU26NaLOmf5PVs/Qn9mdIfxVH/OuFf8gIsc/jTzN0XEPeELi60hOJ/PLhhbGuO8VfNJ6++HRq1fqQYf~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:50 GMT; Max-Age=31536000; Secure
bm_sz=FA26EB0D8A8AB6A6F9024C8058C46061~YAAQjtAXAqoBE4uIAQAAoGUkjhTWEe18Ig5703cnjUAaIu1SWjTdhRiViwSVK60xWaikxvHGPRk8hDIN1PNCX4QniXO9b1FUl/tMlwBhiPEEnXte4RmYQIfX139YxqKI5UtDVtomgfWoVenl1hX7mARIPeD2aYz+Jfaawj9vF6qSfVxXqLHWbuGUTzPBSBHEKkNBdgTvxYZAMz20RUmp9oCk/7dnPlR9Ket/RKuXuy4OByCJukP8ZQ1x1UIxTYEVAi3jYse2gsEqApTZWlgnN9DDcYwq05HEAhwgnzBhwRVfplaq1+hA~4474433~4403510; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:49 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11950-1215
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928982&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928982&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928982&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_sav_savingsprospectrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-264163-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:49 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=rXOOp19LTqHVDUVtYNQcAWOEFy5M59Ld0b%2fAdvzcuRG9ddqCdVZn93gKHdXVlmPo; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11680-49741
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928986&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928986&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928986&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qRb0%2ff9M4zMWyAhePJCVuNFIpwahvTfC04PHdLoX67VJo3feWQI6o6XbQaztc9pX; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11937-45666
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929002&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929002&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929002&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=v3ioDj5qmfdTMiL9ZI8eBhuv0iUxpw2ABFqt3u7kslaGZ7PAVjQ2M9jUsTIJ9nfs; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e801a_kf175_11727-60928
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928995&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928995&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928995&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Er%2fQk1VSHHpfsl1umedhWEEmoE2FS++apvULX3lrYsBAY4UD70yCreOqftHoxHao; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_12005-18125
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929006&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929006&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929006&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=X1FAf2hLl9B43UPk1jF5w5I5wT+H+LhbNvGN5D2bmjFNQIhewoQuGIvJHPKOBITq; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e801a_kf175_11950-1226
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929009&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929009&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929009&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=EmOs4OEkYsOtPXMABYpTnwWk9CRNouEh2Qx3COkdlQAOgSS3ABxA49FUefAFxALk; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e801a_kf175_11680-49746
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.34200 OK 607 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=oCf3599HW71Ml+Umt8k8BOxV+GzGDVAA+YAjxRYXMHlW5lxtskxpsV2QoYG%2fa%2fgR; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928991&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928991&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011928991&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=OviAYXax08grGSYKFaEtn3ctDLxtuTJw3P%2ftpWSIJ0vbUgwp+t8mrdna71Rsl+uc; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8019_kf175_11950-1224
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929013&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220 43 B URL www--wellsfargo--com--ye49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929013&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F&cb=1686011929013&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; ADRUM_BTa=R:27|g:680871cc-985a-41e4-8f30-dd062d55ef04|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:177; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Mon, 05 Jun 2023 00:38:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=NyK9Hxd8hufit3dsbYZCZo7ug41B9w64M1B3oip1N1FnNgdahaP6xplVFsPiEYVt; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e801a_kf175_11937-45672
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.9 14 kB URL c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RRAdGn1kkhltJQNZvu8g6A%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.9200 OK 1.3 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4xfIq2TjkV+j03KXIesxLQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=1&cfg&pv=2&aid=
23.36.79.9200 OK 1.1 kB URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=1&cfg&pv=2&aid=
IP 23.36.79.9:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash 25c9eb7e7b7f8c67dee2bfd2a03069d1
0a2cb109f3c870b8f31dd77aea1da08113479fd0
8fd66f372c7695399ea9922f81c672cf88b8f6380ae3a474b92074bb4a8324e2
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 12301
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1145
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!Z5vJqL6x8d5eO/Iq/D2JHXmrrcNtCw0LPeUOe9xKeTVidNcOYWpOl1DlsuFD7JU7EG3sbTBioCMN/g==; path=/; Httponly; Secure
DCID=SW+mnkloFHoJ6U51mbZyAAbxSIipmj+AMtUcOF55OP8wC8gSTPJi%2fgqPkLulgKBS; Domain=rubicon.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ort.wellsfargo.com/securereporting/reporting/v1/csp
23.36.79.25 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: a612f935-5fc4-4124-776a-2b564316c1e3
X-Xss-Protection: 1; mode=block
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:ca4c2368-a7bf-4967-bb12-a720e137f24c; Max-Age=30; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:ca4c2368-a7bf-4967-bb12-a720e137f24c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:4; Max-Age=30; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
DCID=rav7xS2GkBAGsdoeEx0jNXQVr%2fX47itbkNEzU02VTDs%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
_abck=21CC4AE1562D4AB402192FA8B194A4A9~-1~YAAQFU8kFxmIXUeIAQAAt2gkjgomCSCWosMz5Elb+vshYaZ9OA5zLx7VE8XHt/v3z/v7fnWoZOT7mK/12gBP4G10cWwyDQciWsN871R+WU+E482rx3ycu1zS5pfkaEs41BrgP1PxWfosGfiF2YZKPOLMbwgE4JLxK0y58vneiPgtUVYDjl3gUYAhZRI1USM82yhLt9vozpn8hf9PfUnqYuZSm9lDwJnEqAQNG3RwsIdZ+91PeCdF5GjhTS12FC70jOGVJw1it0IrtOpMHQoYnydUoZBPNKLHAqbClUvZMMFzw3A2DFSPSqBMb28mscUoSAiKoXsHUc7NRSo3TwF53ggvfznQaKFbriXpHsgjr++57mUOYlCAAel4WpzK6bhd~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:50 GMT; Max-Age=31536000; Secure
bm_sz=3A7FFF6D2535A5880867789054A6922A~YAAQFU8kFxqIXUeIAQAAt2gkjhRuVeBDzxYF43xTxFC/6jOf+CfRXm7haRSZWEyK3nXhdTDPfsQXDcVnDXKuGzKSO5YD38C82zmwnzf9Jx6R2oO6rg+N/fzdO9Ng1dm6U+6KlnLbOH/NI145MnGZ1CXmqIL0DZWu+aJdO74LsuMKGS0MsWWs7UZvrva/qzTopuvxZbfL+zeTekqxNuphMHKTTblQnVmq75qf3bkaJo9u+5ppURBqsOhZaXWyBjRNn9DkoCBAOdD+CYeeeVaMabX6yFDRdELM9OYF45wTf7BK7TNcxnf2~3158086~4605490; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
23.36.79.34 18 kB URL connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash e6cdf554d0e16255266a73fc4cb7b599
0d1cea514338faa6e83a85653059b33a479456c7
52a72afb911bd768c6a4b5376ed2f06c6980135047853ec287930b468a4f2410
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17971
Date: Tue, 06 Jun 2023 00:38:51 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:704998d9-9867-4fca-897c-3366095afffa; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:704998d9-9867-4fca-897c-3366095afffa|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
SameSite=None; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Tue, 06 Jun 2023 00:39:20 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=bDaUBPrPHpNMzU%2fM1Afbq%2fUz+c31mMlXD+mjzjeycjYXfCpQFfGYluyrCik5yt+2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
_abck=B11E72B492C7526E9F6DF9C7975D5F43~-1~YAAQHk8kF8ZVdW2IAQAAz2kkjgpmLowCtTAs2Uf7IcRe1m05TXU462zHhBFYLYfuMTQCKt3lHndbwMY912iYwQHXuTO/aAfRE03LlwtFj1ZLW29Qytf8Xi8ry/jwEUmUsITVf1TgoUckBMIjL8iABXJpyDEN93G26FFMKGilPuMPBkUpjBDmBSIpHKXZldqiM5Upd9aH6XHNR/0myHO3xEMAWaIrnFilDHJMdCNvzh+bqjMxO8oT9vGxN6WV2GJ+LHWaMJYXaHgGDENrAK25B6g863xI6Fy1PEyhdOsyG3xAKSMVD6LFB0f5JDMbXrZEjYjuj2+uCXj1QeX/AfTfTrM/GwFzDRNFxx0kI6vPvCSK1GmkPgQRWlG43vYr/CM3~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:51 GMT; Max-Age=31536000; Secure
bm_sz=9241CCEFA1D3E029F1985A4709C85539~YAAQHk8kF8dVdW2IAQAAz2kkjhSwGzNi15Ym0Iv3UfCi83eK94b+M7OHlV9PO0eD/c6Hi6q/88PLfFyTMcXV6e+ZCd6gud149UuUb+JaiYVOUkweZZr+zDoCCTtVkjzMt6qIgc6VDJLXMi3qGL+jFuxdPJyukGEkXy7xMKhXdDo3CS/Slo8g4E7enz5ITQKcQJnxNMpHQgSPYt41qAP7tf5WYgycE/jZpJ//s+vsb1tBDQ39Xj4NofsTea7hg3jVlSx0/VlBZfUJgwPPD9CIRBmfAF2s8TB3hAv+zKYBrzX/oW48SYDI~4536643~3425586; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:50 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 87f6a9dd93f58496c5c3ee2fee9dec4e
4272d2f931b7e1cbd2cd3b99d3e254fea45a227b
5778c34cabfc380f6ab40e8f4e53bcfa993d194621a7ef376355102e8d6f0626
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2048
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetG%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0; ISD_WCM_COOKIE=!2Co9BgWE7T7WLeDz2xKqB3cO2dndHr+MnH3DF8Jlli9J+6GuiGmOJqO16tdSbBMZOmE+G/0AxnKIQt8=; ADRUM_BTa=R:27|g:5fb22f49-b972-41ba-9c96-199acd10e72e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:62; _gcl_au=1.1.625782089.1686011930; _ga=GA1.2.359928255.1686011930; _gid=GA1.2.1586418031.1686011930; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=UkIs7q0%2fTAsqK2PXgspZ8IinIWUYgMkhE6pYtOfBA7z5dOcpShoMWjr5ccdA5XmN; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
_abck=AC22C978992501EADD4E3A5E8E35FC6A~-1~YAAQjtAXAtkBE4uIAQAA9WkkjgptTuD1zhej7eMAoxr4Te2B5CVe2PtMClJuQyUzmb5Y+1//Okdy7MMGTKxvnMVfFAlQhNNn8FrqwRW2KqWphj5cu/o6papgbZ00Y14DIIqp4iXQ+5+9AbOPWJ/5YQ86mFkljoui4PHaxMj4E/fhHnOm5tePN50ygIzAx7aiunM8Fnj9iVpSOZkgZXpsDCHrvBB/ZKorC8yjRUhn5tlWv6JHo6JxcGzEqVX3hoA6N2nwJ4u+z2ge/bIxKbyX0QZSLWkrqWzF7dyjkLsgH5dIZ0FYPpwOr5zoJZuzjHP/KA2trO9IOmadLgo7p08GzmwgyW8i5lfcSn6rKpq50UI0249o50UEC/xnToxSs5Lh~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:51 GMT; Max-Age=31536000; Secure
bm_sz=391D3F0F5DE2FFA814485CFD745A0E22~YAAQjtAXAtoBE4uIAQAA9WkkjhQazMLvwLLm8urKSNY1Sduapwk9AmodxwJkb8B9GV6z/2zS3WBOAHqC5Lv7BbLXQsU8uuQqfmT4odP4vbIg8tktM4iim7Bjy0f1Qqh0Dbms82fT4KCvvj1YoI5mXpesXlT1aSTT99jl4GKjSJ9qME+U/PnKIf9FVYLxWnVC26mwmA9Pg9bvGQlm4zjrF5X0AOvU2INbP+ajP215up1kJbzFcQp0vNk3fSGo/AyJYNCmWbVraM+6yEtjNeinK2dpQJO/6clknsJGayay8VZpi/1hkRC9~3224388~3753284; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:50 GMT; Max-Age=14399
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e801a_kf175_11950-1239
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.34200 OK 37 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash eecb405facf6cbf64666cfd77713c209
c9b90a268bb8ec6595a2eeec353a7a4d791944c6
15c29e02096cfed303c8241bcec319b1bd0abb354e91885319d32ff71cf753d6
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37200
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Tue, 06 Jun 2023 00:38:51 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=dKH%2fe6xXdhuIeAdGHRvB5pA0UYKax%2fiQrOL10V8l2+%2ft6ZJt4VjC+4n0AC94cSgu; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBWbDZQaEZqSTU3Y1BOMjhzNTI0QUNTblpqcVlRSXBMS2dObjQrUjlsYy8wV0pjcWszYmdwa3FNRmZHRXBaTnc0R24xRGh6TjJtUXRBenFSc1RVaFhCenVVSDFNZmZnNmFPVGx4Ny9FNUFFWitONmU1S01DdE0rclAyanFkeHZ4WFZSYS9iK2cvR0NjL0VhNENzdjlNcEJTcWo2aEZpS2pyZFZsdGJMRlZJV2hHVjNBaG5oWWFCNDZGckcvNlQ0S3pxYjNTYytLUmdseHJIMGpxbVo5aGprVzAwTE5EM2pkR05tUG9BWlFaQlAzengvd2V6aHhMVHVERDl6VmdUYU1CNzh5eVF2cFk4VGlZRHZYQmtFdVFPTHZTaHdSbnJsMmQ4Uk1vZ3FnPXxhN2M3YjRmMjBjNTJkYjE3YzE2MjQxYjE4ZWI2Njg2NTFjOWNkYjQ4ZWZkMDdmZGY1YWE3OTRlNTk1MjNhMGEzNTc0YTcxN2ZjZTdmN2U0ZTQ3MTU0ODlhNGY3MzYxOGQ5M2YxNjA0NWU1YzFhYWJhNjViNmFlMDAyMTcxM2YzZTUxN2I2ZTBhMzU5OTZhMjk0ZGY5M2JhNjdjMzIxZjAzODIwYjQ0Y2U5NTA0M2IwNzQwMGYzZWQwYjk0MWRmMDNjYmRjMDZkYjVlZTgzOTA5YTVhZTE5NjkzMGY2ZWRjN2MxZTkxZWIyYjRiMDFiMGE0ZWYzNjc5MWEwYWRiZDVjM2YyZjA1MWMwNWFkZDE1MDQ0OGNhMzQ4MjI1OTU3ZWNhNzA3ZGMxZDdlMWE2MWFlZTQ4ODZkMTA0N2Y5NjdiODBkOTI0ZGE4ZmU4ZGQ3NjA1NjY2Mzc5NWE5NDI4ZDRmNGRiZjUzNzIzZWEyNDlkYjQzYTcyMTE4NjYwZjAwOTJhN2FiZTEyZDM0M2MxNmM5ZjFkYjFjYTlhNjE2N2YyOTE1OTZmZjJkYWQ4ZjliYWE5NjY5ZDEwNmE1MTFiODllNmNlOGYzODY5MTM3NDQ4OTM3YWQ4YjNlNjcxYjlmZWRkZjZkMDYyZWMzYjYwNTgzNGNjZDM1OTM3N2UwMjRiMXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com&t=jsonp&c=edvdpdm_rmnyaf_q&eu=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F
23.36.79.34 90 B URL connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBWbDZQaEZqSTU3Y1BOMjhzNTI0QUNTblpqcVlRSXBMS2dObjQrUjlsYy8wV0pjcWszYmdwa3FNRmZHRXBaTnc0R24xRGh6TjJtUXRBenFSc1RVaFhCenVVSDFNZmZnNmFPVGx4Ny9FNUFFWitONmU1S01DdE0rclAyanFkeHZ4WFZSYS9iK2cvR0NjL0VhNENzdjlNcEJTcWo2aEZpS2pyZFZsdGJMRlZJV2hHVjNBaG5oWWFCNDZGckcvNlQ0S3pxYjNTYytLUmdseHJIMGpxbVo5aGprVzAwTE5EM2pkR05tUG9BWlFaQlAzengvd2V6aHhMVHVERDl6VmdUYU1CNzh5eVF2cFk4VGlZRHZYQmtFdVFPTHZTaHdSbnJsMmQ4Uk1vZ3FnPXxhN2M3YjRmMjBjNTJkYjE3YzE2MjQxYjE4ZWI2Njg2NTFjOWNkYjQ4ZWZkMDdmZGY1YWE3OTRlNTk1MjNhMGEzNTc0YTcxN2ZjZTdmN2U0ZTQ3MTU0ODlhNGY3MzYxOGQ5M2YxNjA0NWU1YzFhYWJhNjViNmFlMDAyMTcxM2YzZTUxN2I2ZTBhMzU5OTZhMjk0ZGY5M2JhNjdjMzIxZjAzODIwYjQ0Y2U5NTA0M2IwNzQwMGYzZWQwYjk0MWRmMDNjYmRjMDZkYjVlZTgzOTA5YTVhZTE5NjkzMGY2ZWRjN2MxZTkxZWIyYjRiMDFiMGE0ZWYzNjc5MWEwYWRiZDVjM2YyZjA1MWMwNWFkZDE1MDQ0OGNhMzQ4MjI1OTU3ZWNhNzA3ZGMxZDdlMWE2MWFlZTQ4ODZkMTA0N2Y5NjdiODBkOTI0ZGE4ZmU4ZGQ3NjA1NjY2Mzc5NWE5NDI4ZDRmNGRiZjUzNzIzZWEyNDlkYjQzYTcyMTE4NjYwZjAwOTJhN2FiZTEyZDM0M2MxNmM5ZjFkYjFjYTlhNjE2N2YyOTE1OTZmZjJkYWQ4ZjliYWE5NjY5ZDEwNmE1MTFiODllNmNlOGYzODY5MTM3NDQ4OTM3YWQ4YjNlNjcxYjlmZWRkZjZkMDYyZWMzYjYwNTgzNGNjZDM1OTM3N2UwMjRiMXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com&t=jsonp&c=edvdpdm_rmnyaf_q&eu=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 26fbfb3a6c23322e5c3163a2fac5fa63
30bb0836dee718c4e8999a57d8dbe5897fc0457c
5c287dbe2c8eb06fd6f9732350f0c4c130e5898b63bca19bd46d8b63d876818b
GET /AIDO/vyHb?d=ZW5jZEBWbDZQaEZqSTU3Y1BOMjhzNTI0QUNTblpqcVlRSXBMS2dObjQrUjlsYy8wV0pjcWszYmdwa3FNRmZHRXBaTnc0R24xRGh6TjJtUXRBenFSc1RVaFhCenVVSDFNZmZnNmFPVGx4Ny9FNUFFWitONmU1S01DdE0rclAyanFkeHZ4WFZSYS9iK2cvR0NjL0VhNENzdjlNcEJTcWo2aEZpS2pyZFZsdGJMRlZJV2hHVjNBaG5oWWFCNDZGckcvNlQ0S3pxYjNTYytLUmdseHJIMGpxbVo5aGprVzAwTE5EM2pkR05tUG9BWlFaQlAzengvd2V6aHhMVHVERDl6VmdUYU1CNzh5eVF2cFk4VGlZRHZYQmtFdVFPTHZTaHdSbnJsMmQ4Uk1vZ3FnPXxhN2M3YjRmMjBjNTJkYjE3YzE2MjQxYjE4ZWI2Njg2NTFjOWNkYjQ4ZWZkMDdmZGY1YWE3OTRlNTk1MjNhMGEzNTc0YTcxN2ZjZTdmN2U0ZTQ3MTU0ODlhNGY3MzYxOGQ5M2YxNjA0NWU1YzFhYWJhNjViNmFlMDAyMTcxM2YzZTUxN2I2ZTBhMzU5OTZhMjk0ZGY5M2JhNjdjMzIxZjAzODIwYjQ0Y2U5NTA0M2IwNzQwMGYzZWQwYjk0MWRmMDNjYmRjMDZkYjVlZTgzOTA5YTVhZTE5NjkzMGY2ZWRjN2MxZTkxZWIyYjRiMDFiMGE0ZWYzNjc5MWEwYWRiZDVjM2YyZjA1MWMwNWFkZDE1MDQ0OGNhMzQ4MjI1OTU3ZWNhNzA3ZGMxZDdlMWE2MWFlZTQ4ODZkMTA0N2Y5NjdiODBkOTI0ZGE4ZmU4ZGQ3NjA1NjY2Mzc5NWE5NDI4ZDRmNGRiZjUzNzIzZWEyNDlkYjQzYTcyMTE4NjYwZjAwOTJhN2FiZTEyZDM0M2MxNmM5ZjFkYjFjYTlhNjE2N2YyOTE1OTZmZjJkYWQ4ZjliYWE5NjY5ZDEwNmE1MTFiODllNmNlOGYzODY5MTM3NDQ4OTM3YWQ4YjNlNjcxYjlmZWRkZjZkMDYyZWMzYjYwNTgzNGNjZDM1OTM3N2UwMjRiMXwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com&t=jsonp&c=edvdpdm_rmnyaf_q&eu=https%3A%2F%2Fwww--wellsfargo--com--ye49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Tue, 06 Jun 2023 00:38:51 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9kjGGmuOdwi1vXnn%2fWrDTHSvNduKjTL6YFQ4rNSFB8cCn3BjWJUlWlk%2fyrjZ1iwl; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:51 GMT;Httponly; Secure
_abck=3E6A423B7B54870547E6A3414DCCC09C~-1~YAAQHk8kF8pVdW2IAQAAd2skjgqbzJWygOyo2pK/Wshmvj+Xpq84/4IkDU7hPlEJWjZAaSszYrSu7SIlRTku3AksgRYOumyQZvEEQv9LKLymeO9Hzn/d5sErCNE3N6ujubD6pNYB5+/bKK9KDosj0uRID2hr9Fefbcelh00xv8OETIu8x3BJMNs2jMzhxBomqlBKA0fTRLjj2sqx8ioQkNriAfs1QoWMQAIvnSxLJMXOfl2rG2HqFNOiLscFrRmATMi8/yxpNTQe0nb7cyl+I1EMO1lKnCc7Cpyfbpp2BJecQCUGykLMVI69nEEoCOLFas8AplonLT1KA/uthYhqAVxRC1rC6n7/1W3o+tz0zQkFNTuiRL0xxJeEYVz12u3x~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:51 GMT; Max-Age=31536000; Secure
bm_sz=4068F0A6EF3084F3B926B6EDFC870BDB~YAAQHk8kF8tVdW2IAQAAd2skjhR09xgdRv1+ALvHglHvgmmYej/X+yXHAjnQRj4xDTNfuRTOTgfzlo0xcbHmigvvSxhnJTSIZz0DVKt06esREeaPke8wgeT1ktqvivbwkPkgKYGEs0lKoivLmhtElnKv7EgUbdt3dox/yLCQL2amvMthLAfw+e8p/aNF6a+boewdhrg67JJ7qmhuCcgrreWLnY3PZa0OjBx2avz0ZDVzQ05WDTwtpn8u9eL0f77KqTNgR2kFjYmxgw4tuSMyhxXQhcg2Ckve3Nsit67gK8tlG/EiWGl9~3355973~3356486; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:51 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
23.36.79.34200 OK 389 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type gzip compressed data, max compression, from Unix\012- data
Size 389 kB (389020 bytes)
Hash 7e6c3fee01ce782cd64a40e04e4b14e3
05150c4bf85be27cc5006d6e1a1d83ba570ac9b0
46f5e341d25b2c5d1722df05d2e62374e3c747e6ab9906e8680d67ca96ab640c
GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Tue, 06 Jun 2023 00:38:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Z6YzZVQdRAtUGRmAeIlMD86fPZ5xXzQ31FTcKkJrnddOFBMiqVXWugkKOplHx6xM; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.42110855862430463
23.36.79.34200 OK 136 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.42110855862430463
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136490 bytes)
Hash 8e97963d4707c87ac0511d88b9e93bbb
a912e0f885a65e8d84525dff54fb1587379257b6
2e42e32ba81ada5a46db600df4985cd01d618945c8da39c969bd2bcd6cbe62ea
GET /AIDO/mint.js?dt=login&r=0.42110855862430463 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136490
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 06 Jun 2023 00:38:52 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=YNwi%2f8KsLgrihNt9VzOc46LzFlpZWkAEY8%2ffMXBY2SkyogJnYDtiBC+q2fHqeQJO; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
100.21.123.45 265 B URL pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 100.21.123.45:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b2db6ca3bb866e253972b2ef074183c4
e2d5d2a9d2c048b93b941f5574749fd5e8c78d7e
5639e33b3e2decfd9f17b5f8072a8e57ff9c399f1f645064bb220421749ed416
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11552
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 Jun 2023 00:38:51 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:bff969d8-b85f-4b9c-aff5-52adfeba0010; Path=/; Expires=Tue, 06-Jun-2023 00:39:21 GMT; Max-Age=30
ADRUM_BTa=R:55|g:bff969d8-b85f-4b9c-aff5-52adfeba0010|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Tue, 06-Jun-2023 00:39:21 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Tue, 06-Jun-2023 00:39:21 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Tue, 06-Jun-2023 00:39:21 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:5; Path=/; Expires=Tue, 06-Jun-2023 00:39:21 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
23.36.79.34200 OK 154 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type gzip compressed data, max compression, from Unix\012- data
Size 154 kB (153997 bytes)
Hash 5817f161965ee437bc355e2a791170bc
ed74f8d153fe9bc43f61f24439f3640d26d9be24
1d91a40db9b0b3e4123c290b86be6ff5aafaacb6b758ba25493f67e938e53601
GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=GH+dl13p8Bno8%2fLxBu%2f%2fF5jk6IqrTgUJm+q8pcBeDHBqncYpT6FcnR%2fX55K6TV+C; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=2&cfg=32a3f9ce&pv=2&aid=
23.36.79.9 164 B URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=2&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 43d351df59f8d27e92bfbf1ff0a77aa4
d53722817c789c1056259f80b37352937d5757a1
df49bc76cd26311539e96cd5343e2f78b9429fe5263c6253d5e7dd57264d72a2
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34121
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Tue, 06 Jun 2023 00:39:00 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!/zPfcQu1nnHu7+8q/D2JHXmrrcNtC0PPdj9KNcYNSFTICHBPptDBI47h5YeFYGz4SBG6yILgWdOSYg==; path=/; Httponly; Secure
DCID=wQvh%2fXn%2f7ZethLBwxdR3gPCW1bmGeNk7LvPaXwURNXMLVecNdidRhdzWw4grxg%2fA; Domain=rubicon.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:54:00 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=3&cfg=32a3f9ce&pv=2&aid=
23.36.79.9 164 B URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=3&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 43d351df59f8d27e92bfbf1ff0a77aa4
d53722817c789c1056259f80b37352937d5757a1
df49bc76cd26311539e96cd5343e2f78b9429fe5263c6253d5e7dd57264d72a2
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=c68048ab-0183-420d-a156-d5abb177818b:0&_cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1&pid=bb70ad73-ed6a-482a-a524-51472c088985&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 44691
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Tue, 06 Jun 2023 00:39:01 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!gvX442/13pmtjSgq/D2JHXmrrcNtCxX+onP+pCthKNJedkUcf9Vz4YngEpKgwuleialNNKsPcOGfrQ==; path=/; Httponly; Secure
DCID=HfXYLsWdEq87us5dUlDRBNgSPqKFjUFWjV9UsmBvHkt8+OgUYDa+lHI%2f5nfxyaM3; Domain=rubicon.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:54:00 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
23.36.79.34200 OK 824 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Size 824 kB (824342 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Tue, 06 Jun 2023 00:38:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=C3NxqL2aBxyoFO2s3ggewESrndEgWs6Q8DsM4OueDJ8%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--ye49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.132.220200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--ye49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--ye49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!hFDdBTe8JD9FPZYv/BdPMOHVwv+ySSKexWs3Tckt7vPdVUDT+vcXjZbMIRaeyOpArvRwGbGZT7k3FJs=; utag_main=v_id:01888e245e74002728716953908405046003700900918$_sn:1$_se:2$_ss:0$_st:1686013728882$ses_id:1686011928181%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ4sVYBGy03F8Cmqkze%2FkfURW63c0gKdzX05jQ2I1KA%3D%22%2C%22c%22%3A%22ZVJIRTRKTnZMcUZvZk1BQg%3D%3DgjftOmFwVy5zsrVU4ahxwy-lSkNpqHzhGMa-M5_RVHicxAr-R_TtcwyFxY7cgjfR2M2xjrTfIvbesWAoOWCaFifhKj4ZYMxg9Lw%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22Rht%2BSetGlCrPEhjg0UgFmX7%2B%22%2C%22diA%22%3A%22ARqAfmQAAAAAG57bbuj48OwcJdJxfuph%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%221avFNAzrbQCzzBD1vnIWNw%3D%3DX0CCx9RQI6F--nYjtEls8WLvaQJN4hahbvURO1xrozRpMf5V5lCUuopCrVg7tzRxSxTpMI5mqseSCKcRq6oxuIRelsFOQoeJTJlgXNAUVvpdt7Vs2oMM29dlqsTiJ15LIdPc9U1XUaCCdZURAXLxVQ1bNPWvHyUkLnRjG7Fu0GwUTXRPB4xlSxLL%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAfKZ7BSu1X4C800%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C67978085572860839222969163420740134999%7CMCOPTOUT-1686019128s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=9a612958-7f06-4818-b85a-d9379b37dbe1; _cls_s=c68048ab-0183-420d-a156-d5abb177818b:0; ISD_WCM_COOKIE=!2Co9BgWE7T7WLeDz2xKqB3cO2dndHr+MnH3DF8Jlli9J+6GuiGmOJqO16tdSbBMZOmE+G/0AxnKIQt8=; ADRUM_BTa=R:27|g:5fb22f49-b972-41ba-9c96-199acd10e72e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:62; _gcl_au=1.1.625782089.1686011930; _ga=GA1.2.359928255.1686011930; _gid=GA1.2.1586418031.1686011930; _gat_gtag_UA_107148943_1=1; ndsid=ndsa0o0x6umef7ulijjyzp2; _imp_di_pc_=ARqAfmQAAAAAG57bbuj48OwcJdJxfuph; LSESSIONID=eyJpIjoieU16VzlGa0pKYzM1T2dYWFBxdVhxQT09IiwiZSI6IlNJa3JpcmlcL2VodkY4S2lvYzI2WVJaK003MDh4TXN3QlwvQ0tJV3cweDNpdXdWT200bFViU1htMmV6MERLeDVwSHFXMnorbHlTVE9CcTcyT0ZialBzMTdiU1Q3eFFhZ3hvcXFYejFjNUI2bGRXWk01cU5JK3V0emV3Y1dNbmlkd0dWNTZSdzVwRWY2NFp5NnArSU5cL2Z2UT09In0%3D.ee24d8941844a38e.NDVmYTFhNGRkMDZiNGU3MTM1MDlkZTRiNzBiYTM4NGM1NTBmOGYwMTdhODRiMDkxYTM5NWI3OGFhMzM0OTJkYg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Jun 2023 00:38:58 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=94j2RBhawZBs+QiRqyZyciS%2fJGzjQSOdIW29LXEHW6zLxtYM9KMHpzJHMaEZqBha; Domain=www.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 00:53:58 GMT;Httponly; Secure
_abck=216269AFB02E96A217C9215A9F8515E6~-1~YAAQjtAXAkEDE4uIAQAAjIgkjgoDVHRKUCmciiZpuesRW3WTgrJbIkUpC39/0Gxx5dV5zpiCoQInAQdfSk04f9abR+pVwEe0iXRodHKoBLVba6mCRDXP6Qg2ZhPWpJVFME9rwOcAxn6h05tub6nIaTmeoZKx4a+wd4X97xtWT4nbM0CsbUO8uofTrltnp7X/T27Z2oekX8Qn1j2X+aU06YGxm/njVIMFE/mVPWV7rwA7tL1q4S11loXuKGnuPne+9O+ldVjyoFRzuiB48FP9qPEaq91VCuKcBLuUTPjQmtC8pOkyrACvoq+ZvRDY1tW51xBHjCZv2QbV7IhZ39YaS+ZUfWcgncAuv9MYkiAPUoo6S12NDro+FgnaE8ci9/m8~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Wed, 05 Jun 2024 00:38:58 GMT; Max-Age=31536000; Secure
bm_sz=C84D4363379EF228D8A882F1EB48BE6F~YAAQjtAXAkIDE4uIAQAAjIgkjhQRh8dqsgL5D0pSkMXEbkomAFh70HRf3hp/80vefHlfcYcf4atjy9fKHZikOvcoEnH3/6LJPHqxla7J5TEz6cAkxo0XoPpWuTHg6yVzbXgZdZen498X7hhXOyYdAKMzZqttdni62oVY43HslLsPYL9v8Z8WSAamkpMRN1FeoF4z02WQwRiEcD3gX88GZUjuChSOKg/G0cdiYOgy+ZCgcgM83OgHus6bOtBO/gB0uizp0TbFvjR/1jnzmdVZDrmA8fVfl9SPuyF7nCM7sUNIz/XEjuvI~3753285~4338754; Domain=.wellsfargo.com; Path=/; Expires=Tue, 06 Jun 2023 04:38:58 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 647e8022_kf175_11950-1354
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
100.21.123.45200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 100.21.123.45:443
Requested by https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--ye49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 06 Jun 2023 00:38:50 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2