r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13994
Expires: Thu, 23 Mar 2023 04:54:47 GMT
Date: Thu, 23 Mar 2023 01:01:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11372
Expires: Thu, 23 Mar 2023 04:11:05 GMT
Date: Thu, 23 Mar 2023 01:01:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7259
Expires: Thu, 23 Mar 2023 03:02:32 GMT
Date: Thu, 23 Mar 2023 01:01:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 00:27:30 GMT
content-type: application/json
age: 2043
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TTPMm4HJETG/DofBSvZ5rtW9LIZIEIYqpzdQyBqYN68IDui65znFko+ke/N/VB/qq7SuTCClUYg=
x-amz-request-id: HJWSA66B11WBV3DM
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 00:53:51 GMT
age: 462
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 01:01:33 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 00:14:33 GMT
age: 2821
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 18b877ebbad1529e4bd91e12220d91c4
a3d64fb3d9cc1fe3a29b261c4ec9acfe134dfedc
7001d3ef847c7002ac15155f0dfcc0a369f19860e85c8e90530f1e7b2dd88f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6468
Expires: Thu, 23 Mar 2023 02:49:22 GMT
Date: Thu, 23 Mar 2023 01:01:34 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pX634VU5hmnGa2XZaBOvcA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hcvoOcGFONgjTiL9JxKi+LucF4Y=
ocsp.dcocsp.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash b83aa92e13d9206c00e58370ac2a17b8
a4365b7713990d26a29378e1d3bf5a58d0a0f74b
665cf4758c98de321322b9f9c4cb968543edb3fbb8cdcb913f8e8ef17b64839f
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Thu, 23 Mar 2023 01:01:34 GMT
Last-Modified: Wed, 22 Mar 2023 13:24:57 GMT
ETag: "641b01a9-1d7"
Expires: Fri, 24 Mar 2023 13:24:57 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1679533294
Via: cache21.l2de2[23,23,200-0,H], cache11.l2de2[24,0], cache2.se1[50,50,200-0,M], cache2.se1[52,0]
Age: 0
X-Cache: MISS TCP_REFRESH_MISS dirn:3:247463067
X-Swift-SaveTime: Thu, 23 Mar 2023 01:01:34 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9616795332947691570e
www--wellsfargo--com--u949329d48d6c.wsipv6.com/
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/
IP
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash d5663449737cd8c094cc89d1ef81201d
3e1d63c03cc6ce0c3a600826efe879a22d69d13b
94f98d511c45fbb96f0a93752c42aadd41ea172c8466751fbba833327b539ded
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET / HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:34 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18752
Connection: keep-alive
Content-Security-Policy: default-src 'none'; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-5061fb07-b6a0-4313-be65-8aaa067dc64f' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18684 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13; Expires=Thu, 23-Mar-2023 01:02:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Thu, 23-Mar-2023 01:02:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:87; Expires=Thu, 23-Mar-2023 01:02:04 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230322180134869657814; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:34 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; path=/; Httponly; Secure
DCID=fIH83P1jBazBeiqn0oXl6eW6E1MV+QISKeYV8XPBdss%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:34 GMT;Httponly; Secure
_abck=C0D2FE9E017432F0F5190F3E3333B952~-1~YAAQjtAXApeIwOaGAQAAEEX8CwmVwWUG+LFJyWJ8AMaNMbQ7wq1L9O4oHSXA7KfDtuJiScZUVU7YNWrQUpHFQPAKtrX/76i8X2TljQ07P+hCLlG35T1EZPAHokZLeTdquiLSJdJDEX0+zFFjSn7jWueace5VW3b1sQATtLaTju2yWcrG9O44rnwH3oY8kNe+8DOTHBGutGISFRyH61PF7I818T0249bC86EkEewKQBPECY/cMmtGhOI0anMuHWxx4+P+mIhxFAjONPtgjPmvoATKE1ZA3kgoUlObAWq+85778JkWEmRizY4AMTHuuesPSdzBMcFjZAx2394vJjiD232QX6Wfb0Sa6cLIAdIdOY0T8qEEKwy/KyHnxuR5J1sFNw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:34 GMT; Max-Age=31536000; Secure
bm_sz=4AB1823BFAB778747E8B6F9BE498E54D~YAAQjtAXApiIwOaGAQAAEEX8CxPJlsl3/8LLfmAdUA8AJpiP+TlqUOORi+Asbt7WpV/t2IHKML3m2SFrIe6/vfuNyFToD+Vpoqvx5A/lflrWO8fuhF+2qDeN8qYdPAuGxOvsCxYt2OKrrQKaN0K5wnE61pLizhqvztvL3cXA3QZ5EU2Kxhs/oHdZS3Vgmj5m8WvvpTHaYHFwxIMXf4LNFyHdI5CpaiEvOf6NbPUy/3oLMZM61bIl5Ba9SekDKYmQdaiA7aCk+JgAjgrNbWGp2t0BU8cB3PFhgopeLeW7nPvUE6vHWirc~3294261~3225907; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:34 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ee_kf173_5103-49340
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1574575
expires: Mon, 10 Apr 2023 06:24:30 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (33131), with NEL line terminators
Hash 3f9cbf08987857328ddeecd5c0841c98
6529bc4031ffe8c23feef79dcead7d3790c52b02
b6b40f8adb3910e658c5f61de4b636c0dbefafc4ce761e3544a9b38fb41cc7aa
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19118
Connection: keep-alive
Expires: Thu, 23 Mar 2023 00:06:14 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-e71d"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5203-59446
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1574528
expires: Mon, 10 Apr 2023 06:23:43 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
200 OK 24 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash 54b9cb09a12ca550998d724cf1f9c352
e56c79cae2cdde87dab4e7db2692166fb8a24791
1438a78458affd5e7adf22ceeda674f752e7ddae0a1b24d248fd89ba043b44aa
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: text/css
Content-Length: 23675
Connection: keep-alive
Expires: Thu, 23 Mar 2023 00:15:05 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-2a25f"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5002-18348
www--wellsfargo--com--u949329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
200 OK 58 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash f6df70690f6b9bcff57603ca344468eb
4404009b69b7cadd1b753e360dfc46d3fb770f0e
07ad2c821ccd2067ec6de1e162f3749d7c5c5a65d8117e65bf8ea65a9d1c0446
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58342
Connection: keep-alive
Expires: Thu, 23 Mar 2023 00:15:05 GMT
Last-Modified: Fri, 24 Feb 2023 23:19:38 GMT
ETag: W/"63f9460a-2c7e2"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Age: 1
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_4979-37173
ocsp.digicert.com/
200 OK 471 B IP
Hash ae4e9eff4647dbe4dc4f85f225f41def
a347cf4455c687e28bd91aaeb3b87105673955df
96bedb011a247068a707ac3636ea8d6c96c151dbb5f68b54d1a323733cf92ac9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2194
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:35 GMT
Last-Modified: Thu, 23 Mar 2023 00:25:01 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash ae4e9eff4647dbe4dc4f85f225f41def
a347cf4455c687e28bd91aaeb3b87105673955df
96bedb011a247068a707ac3636ea8d6c96c151dbb5f68b54d1a323733cf92ac9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6054
Cache-Control: max-age=112618
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:35 GMT
Etag: "641aa233-1d7"
Expires: Fri, 24 Mar 2023 08:18:33 GMT
Last-Modified: Wed, 22 Mar 2023 06:37:39 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash c5c30c6f4bfffa360cea9e4596911099
74fd08d2536e249015a63df76527663937211369
29279bc4b9c6fae6f797bec6ab1cbef61b08cfe23b27741175f546c1eaa8c9a5
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Thu, 23 Mar 2023 01:01:35 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=K0ZcoWVSnCkphqBMBFUN6Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Thu, 23 Mar 2023 01:01:35 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=sCdysyCUzwx1G9T4vKY46g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--u949329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 3c3a13fd1a8ddbd14509a4bcb341ab23
eb2326f953b0623e9c7a00692f250e57aafd6e25
7a6177eb8cf85766cba199cff3c522151625fe1a639bdf549430e70b0a959b44
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4283
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 23 Mar 2023 01:01:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AwdG_AuHAQAAIXWLmKE_e7MqMgJxRermtJBBTn0S1XgG91MK5FLGxkXnQH2YAaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|9480f84716e8fbb40e4360057bb5125b79c3965e; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=oreAArBe78bEFvzrBomqjBnpLP2mA2P2iRPSlT%2fANVRg4Gks9anexZeYhIlPkIL8; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ee_kf173_5103-49347
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=12627378
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6168047
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6168051
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6011224
expires: Wed, 31 May 2023 14:48:39 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=6168036
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
200 OK 42 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/_bm/get_params?type=get-akid
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash a7fe54242293888d5429b7bc8d356044
1676d958e2ea275c7a0896062de5de54dfaf1966
7ac947f722383f21241495778fc5bef74a1af4040769924e18134bef9949f3cd
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /_bm/get_params?type=get-akid HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/json
Content-Length: 42
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=s747ZZTO+VdDFQIPNn4Iyg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=03212B6AC1AA16B5675DB7E5072FEAAD~-1~YAAQlNAXAv+2cOOGAQAAlEf8Cwn1yh4zFmkzMPD74nLbTHWIF3CYxbHKBRFUDwmoviujliDnmA7f9fPssNy5rhNhgs6ilLvZqzRy3joeR371Be7/43t1dj2VWJ1Dqif75oJeoBzYpAiIBzEdBe43X3E2t43kzQi1Q+2+U6Exl6NO1MDMckfgS0qRwuSJo/vuDn8oL/tCl961vuS0+J+s2yA4n9BSxPJ7cIDdSOpXlh05ZfOikQ2ZuRLvGjFCZ6yQZUORUAAxDM9lRDlmhn6Paw44FBsnSUagP6UEC84fAMCl1xjQPeyh7CbAjmQ5qKVVSU+DymrjeAALvLDZF6t8jM5tnunFx+Ld7hNsX1yhZUp7As+sV1yqSzKsRt1HWIUBjQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:35 GMT; Max-Age=31536000; Secure
bm_sz=E57A342BF849071B23DC193C25F379EE~YAAQlNAXAgC3cOOGAQAAlEf8CxNhT3bMQwPGZl8W+Gx5mZvFc94QzSDgGRGfTiYGv+1tNKXbZSOKju4J8N4CaJSTLcU9DKeeiBnMIgeV6urdFUfyVU98LBwlG8KH9UEaNZH6wmB53p0XXQG76QPSKF27gvFpdWs314BUQgAqOi4Kk9O0bgXtLYOmd/XQwGiW5NqhdnBjg54HLQlcW6AlJ4wABGuHLPd222fCxvLcFWJLIVSp1a9fH6CPq9INAMNeia3QdbJgDzWSCAYPxLHgVjRUtj6ae9xWaBgcUeXhtA+SznK3OFjd~3749174~3291449; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:35 GMT; Max-Age=14400
X-Via: 1.1 kf182:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5203-59448
www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2483
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pbjj3+Mb%2fLz%2frdTXkui7lw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=pbjj3+Mb%2fLz%2frdTXkui7lw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=8F6031A8C0362167CC4B975A65914701~-1~YAAQlNAXAgG3cOOGAQAAzEf8CwmZfPAZB4JYxD3k8n19n2Rh2LKDnNEIOuGV9DdCvebUKxYMVyqWlFU6Q2p4xFyCfZJNufShaZStot8xu3n5UMJ5+CPPnvrgw9GynZQBvrsCmc8tfaruSqP90Td/8b26089IE+SKYxP16RrR2MqDAqnnu/m+9Q26NQmdoLaHDMqboT6S96qkXoLGohQp7pymFYCW1qx0l8cI7FjDzOl5pNpbA+sB5YULy5GuQ9sge5k7CWh/Q1kp/wSetGcs/84+2h2T8Z7eeEd0VXPh3AcGy8oNh2fhXKiiADky7qK0ufQU1SSFKkJffuyLBgpICPtY75ZQCxM9skMLXs9YcGJQBk+bPkuk8QPuUKPIlcrolw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:35 GMT; Max-Age=31536000; Secure
bm_sz=6AE20535EB6E15823B7B79D20F2FC458~YAAQlNAXAgK3cOOGAQAAzEf8CxOBDKvjCr+R5+WzCyoYuKXzmLXktsGVZGEipNxwLaBDNa9V+vMyNm+eHonYsAbYqXj1sVdYRAvJ9zu7mIKJXhj+zescsEwzwjpwiQBdkwEQevGjCgQ6cDjIsfVIpOOv1RxcE621vOB28vhmiKJS7gkCtaEilbII+8r0yubEc1N16zfqSRXkzevq+yzM7pzuMBhW/EGZHQIKwVveHJ+dryj6fID0kH75t6Ebjsw3nJo5jmtEAroJLYv23DFIa4pepcqwIjct17NL9hAu0lM/tisFr6F9~3749174~3291449; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:35 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5203-59449
c1.wfinterface.com/tracking/hp/utag.js
200 OK 55 kB URL HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (14989)
Hash 325fd5c1e9f3b04b500aa0a5214d9219
8adc6878a065c03ca375c03e509b1124e2d737db
a55e9e2d4fd5dbf0eb3a9437ce9fc2bcdd94e12693be87fcc0546aff39c4be98
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 13 Feb 2023 21:04:14 GMT
Vary: Accept-Encoding
ETag: W/"63eaa5ce-32385"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54869
Date: Thu, 23 Mar 2023 01:01:35 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=VIu6LtNcPugoEz8qCQI9aA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--u949329d48d6c.wsipv6.com/target/offers/conversations
200 OK 2.2 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/target/offers/conversations
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10819), with no line terminators
Hash e029461776f864963d3fab89ca7cb5e4
61d4721ea97b0fbebb15ff750b260abe4d734042
1e9b1928969f79eac79d985a3d5e4787660a4a157e8d42b0949bda720944bc59
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2196
Connection: keep-alive
Content-Security-Policy: default-src 'none'; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-5aa25113-daec-4fe4-88a3-e892122419a3' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:87; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da; Expires=Thu, 23-Mar-2023 01:02:05 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:05 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:05 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Thu, 23-Mar-2023 01:02:05 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 23-Mar-2023 01:02:05 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202303221801351645898122; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:35 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=9FC38968A6509F8CDACC63796FD3420B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=qgJNzohxEXUrlePQtMDGMQsn6Rw8vYauPnj9rLTz8pQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:35 GMT;Httponly; Secure
_abck=BE09E9936417E2AC229E2F77E7FCE09A~-1~YAAQlNAXAgO3cOOGAQAAMEj8Cwm7h4jeaL22lLEVS1MGpdCThSlcsRBZH1MGf7SRFrAMwosTsE/5s7/bgAQ+6sqHEO1cmReCRqW49GIGz7wHaxNhkxBXGuzm4c7v5KwzClkQDdnMoOaCKAmCgWTfvOPccJuu3L2uz/a1HtvQo/ApuUzVFdx7evwwB0SWEBiroQOu044rfqCXpoMs8Ke5cVMSElWF4iK/txYlu5S65e++RWmds+R+SWDW3Rj98+5ZLgzQgQnm0kOXPC5x0bK6Kif/dpKTXmPwRHoNUAKsrmrA5emjkAbtcwWLL6l14PQc/p5VDc/3gXLDRYVjuX2tBIkaV1CWWiXa0bWD6YSEFXPZChwSkwSwXorKKNBz/QVLOg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:35 GMT; Max-Age=31536000; Secure
bm_sz=DE6942B3AC960645362F5309F90B324D~YAAQlNAXAgS3cOOGAQAAMEj8CxPwLErfghqBrTkjmuZtkwy/FgSQ5vVhWspzxwNkio0f3GhKGGqtfFHlkviUpX5f1nKgbxfkt9FeDylRg5bUYY37ik7TirQLNEs3mEwvK13cftrlA5FX297hyVtrU0POrSJXXtMldWMt2KTZd1poyS6/Gzj+bOAJDDkn+/H8A6vxYRqBMjkrV1/tB4d/7+4I1IywkzsbEzNGkOQ3p22o6/LRTyyegfm0ntG54pgxWp6Hw0Oywg5R2JDIRON4mHp1b0oZH1aGonBvkpuukZAZwUUxBwzJ~3749174~3291449; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:35 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5002-18351
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7648
Expires: Thu, 23 Mar 2023 03:09:03 GMT
Date: Thu, 23 Mar 2023 01:01:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7648
Expires: Thu, 23 Mar 2023 03:09:03 GMT
Date: Thu, 23 Mar 2023 01:01:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7648
Expires: Thu, 23 Mar 2023 03:09:03 GMT
Date: Thu, 23 Mar 2023 01:01:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32536e34-d62f-40f1-b196-c4bbe784cca6.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32536e34-d62f-40f1-b196-c4bbe784cca6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f148d2e3cd5679fe5cb9cd58630517c7
b312f7c6526254709a0f7424502952e9eaff9c78
6e98a90935a53caa8871238088e77269e5d7215d16dccabe7e9e4af09f39f7b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32536e34-d62f-40f1-b196-c4bbe784cca6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: a49dca74-54fa-457c-a5b6-e347fd139d1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8ovEgAIAMFcnA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b749e-673461e13b7d2f4e7ad66e7f;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:35:26 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: uuIP_yp-XnJjUMLZ5qCkwZhqhbAViZrp2J3GJEfFHr54ouK7s6gjlA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:35 GMT
age: 11880
etag: "b312f7c6526254709a0f7424502952e9eaff9c78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05c7970e81559904d05b6e8cf693f085
709b01a360624eceafb1876f56378824aa4936b3
a4fd80c9bdce27961560d7c31e216706e9e32d42d1edd883e283c149505b3db0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7424
x-amzn-requestid: 4d4097db-ae95-4a34-8f92-a56c29e836e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CENb6FKDoAMF_cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417f5e5-772b562b3176f7ca0740db72;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 05:57:57 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: d_lhTrmtXesTfnCpReJoiiv68EudX-RCSzr3fwqOe3ouJv-M0IOLtw==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:22 GMT
age: 11893
etag: "709b01a360624eceafb1876f56378824aa4936b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90f64fe111aa6e90ebf52e0335d21b75
4f25bdbffca3803b02c196c38491223684d36b4d
37894e16112286470b7fd2e0bbd5ca74944e6cb5ca6e8aff189c4515122a0d40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4905
x-amzn-requestid: f2297c3e-1187-48f5-bffb-c5ea1a79a10b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBFgcF4_oAMFd6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b602-02696af01c0d586c631c5b45;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:13:06 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: HAVaMp1A9tJn0tkglSbGAemjgFzfewcKrtrfk5-FoX1UZGaT4CsNbA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 03:38:11 GMT
age: 77004
etag: "4f25bdbffca3803b02c196c38491223684d36b4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: PNAVsyfdAHjn5F6Rt1uz1U46QCIGvTCqZatbAurr6Ilu0quHWExuSw==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:34 GMT
age: 11881
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcbdd70a4-b533-4e87-84d2-c2122ca1cdc5.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcbdd70a4-b533-4e87-84d2-c2122ca1cdc5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 31ad983ec21e3dee7b6083bc04742aee
a98933e2845c02158175a54d9648f12086a96569
8cb18730db03dd8727b2ff42ecfa7885b9e8dbe3c37c08b1ad0c67e629338b95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcbdd70a4-b533-4e87-84d2-c2122ca1cdc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5915
x-amzn-requestid: 1c6acb42-48cc-4113-a8d0-6a811cd16613
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xXaGUVoAMFwIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64156295-0edcaad90df031882fa7457c;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:04:53 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 7adB6pgLZouHEUjlJ0bXM2XnYcNUS1yjIhz6bz2C0jkIb60sqqQS6w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:54:10 GMT
age: 11245
etag: "a98933e2845c02158175a54d9648f12086a96569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90be67fd11de3a169f4de942f6418f3f
55bd99cc5490b60e7a653ffa5f2a8c288ef66e87
b07e34257bbaa41c941650a839adad82d4999d92ee62402dbec969d9464c89b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10959
x-amzn-requestid: bd05c562-c0e1-4e24-979e-a6d491a3b146
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGRq0HOBIAMF_pQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418c978-0fc58a245c33de28765f2778;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:00:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: dlFpac3yPwCDpgx2UdrOeNK5H1b3Rrn5Ri05py3WY-Z0-wsPBneBMg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 f958a3846d80a3925f664b320dfad9c8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 13:45:26 GMT
etag: "55bd99cc5490b60e7a653ffa5f2a8c288ef66e87"
content-type: image/jpeg
age: 40569
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg
200 OK 4.8 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0867726241a09f5c4f8881c0b0a8bfc2
e0822cf1a6d39dbfac1c1d908a3fadf6f113554f
406498a4f546d06603699d7290a4b5c2492b7c8e7c949d16fd8e87f946aedac1
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a7e46d-e1c7"
last-modified: Thu, 14 Jul 2022 02:10:45 GMT
server: Akamai Image Manager
content-length: 4750
content-type: image/webp
cache-control: private, no-transform, max-age=1703767
expires: Tue, 11 Apr 2023 18:17:42 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
200 OK 13 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP
File type ISO Media, AVIF Image\012- data
Hash 9546dd9c0fbb7de266a2fbe85e233840
c1d9c5b3b5fa7b3490d989bef5ebb6c9ed48d613
df56980fe7ba7e6ec928aea7ea45292c5e41eef8a0a2de9d0c0682f039a788a8
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c48-e73f"
last-modified: Wed, 15 Feb 2023 22:32:34 GMT
server: Akamai Image Manager
content-length: 13262
content-type: image/avif
cache-control: private, no-transform, max-age=1863597
expires: Thu, 13 Apr 2023 14:41:32 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 14bdc46d81ae4b5283a8b12041900b3b
34ea3265a77e2cf08f22a15468b87480fac323b3
37527b7868fd7bd8b735222ca64276dd942ed8fab9a3c1d5a42383b22c6e2c04
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_cash-stack_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63617b69-da1"
last-modified: Mon, 07 Nov 2022 20:42:41 GMT
server: Akamai Image Manager
x-serial: 553
x-check-cacheable: YES
content-length: 1264
content-type: image/webp
cache-control: private, no-transform, max-age=2545897
expires: Fri, 21 Apr 2023 12:13:12 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
200 OK 55 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f9ab0764029883a1b5fedf81e7a450a1
b1f3593d1bf562f06bff4d9175d7ce10aa294f4f
4d2bd105b932b41bcf770bccfa190341867c5680f95df56ebaf24f6e8d8aefcb
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_111661701_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505818-def7"
last-modified: Tue, 25 Oct 2022 21:17:29 GMT
server: Akamai Image Manager
x-serial: 1018
x-check-cacheable: YES
content-length: 55048
content-type: image/webp
cache-control: private, no-transform, max-age=1421927
expires: Sat, 08 Apr 2023 12:00:22 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png
200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash f1bc1104011416dfe46e6a148f6f9515
574980010589cdf51f07081e6c7ee06de1e063f4
eda705920b82d0bef5bf2b041ee4e37537017cabac01cea7c7a3f89a40765e6a
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_creditcard_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6318b389-c10"
last-modified: Fri, 16 Sep 2022 20:24:35 GMT
server: Akamai Image Manager
x-serial: 806
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=2570666
expires: Fri, 21 Apr 2023 19:06:01 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
200 OK 43 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 026d5377df107a52e76d366d238f2b10
241c742d79515854d2d0212672cc99d966bd6b62
3efec6556ec64ec913730c358c15d68a3a482eb0d07d88d6a05a0b00056256d2
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505829-e2ce"
last-modified: Tue, 01 Nov 2022 15:08:46 GMT
server: Akamai Image Manager
content-length: 42760
content-type: image/webp
cache-control: private, no-transform, max-age=2037910
expires: Sat, 15 Apr 2023 15:06:45 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
200 OK 79 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 82be2b11fdcc39bae1e7d693d2926416
c10db746a340ed7f6e42d82294b88bd1ca20beef
88ad8e333f6091df542578ae0055812bf8f36de2af076210ae42b771465dc458
GET /assets/images/contextual/responsive/lpromo/wfi000_ph_bc_7207608_collegesponsorship_bball_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6384dcc6-186a8"
last-modified: Wed, 07 Dec 2022 16:05:33 GMT
server: Akamai Image Manager
content-length: 79394
content-type: image/webp
cache-control: private, no-transform, max-age=476626
expires: Tue, 28 Mar 2023 13:25:21 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1664350
expires: Tue, 11 Apr 2023 07:20:45 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1581363
expires: Mon, 10 Apr 2023 08:17:38 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1664936
expires: Tue, 11 Apr 2023 07:30:31 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AIDS-guHAQAA5eyGIvZDO-31JBjNTiSe4M69iHFK-pUFOU8DpuRJJFi6AEB-&X-G2Q3kxs3--z=q
200 OK 150 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AIDS-guHAQAA5eyGIvZDO-31JBjNTiSe4M69iHFK-pUFOU8DpuRJJFi6AEB-&X-G2Q3kxs3--z=q
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 150 kB (149702 bytes)
Hash 600eed0861cffefd54ffb3e8f21d249a
63819f12c4a6327104a46e7571fe56613089f6a9
9b9aebacdcfbab87263bad3b671fb5563cbe4315e9377f511096c08d0be29133
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AIDS-guHAQAA5eyGIvZDO-31JBjNTiSe4M69iHFK-pUFOU8DpuRJJFi6AEB-&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 23 Mar 2023 01:01:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=AyhH_AuHAQAAQz1tYlEyCgxK41GmJpbXwWtZXBl5NmtAYNNeheRDlK67e-95AaOrhK-cuDv8wH8AAEB3AAAAAA|1|0|2256f6b4de81f1be9ac0bf625191f1837da8987b; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=F03n8f9Gx8T1OaHNREkujL6yWU7twmTyffpHV+tqldSzHybM6s0joV+GlJZHrPft; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5273-30729
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=43196
expires: Thu, 23 Mar 2023 13:01:31 GMT
date: Thu, 23 Mar 2023 01:01:35 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1664328
expires: Tue, 11 Apr 2023 07:20:24 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
200 OK 308 kB URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65357)
Size 308 kB (308145 bytes)
Hash 09692edc541783c3d9e1fffdd645c70e
a0dc9751050cc567a7f7f7732116e16a1117989f
1fded794298268e8997cff93efa597bb60d71528d3e8ca4af840a7dd38a64e11
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Thu, 23 Mar 2023 01:01:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=zArXm+iIvE9x4XNnVF5l6GRMev1gQSsV3JksKvItwmw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:35 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_4979-37176
www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2210
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:1$_ss:1$_st:1679535102436$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Thu, 23 Mar 2023 01:01:36 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bDS%2fYUkfKJ%2f0DzsjwZTh8g%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=bDS%2fYUkfKJ%2f0DzsjwZTh8g%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=ACC3D30DC17DF72DD640F9EB581F5276~-1~YAAQlNAXAhq3cOOGAQAAe0r8Cwl+W4lIUma9QZtzVg9sAN/1r6kQfFSkdy9RwCnglza3HUIVgdDtgYuFd+m3vw8t7nPfMnl7Ri6UXA7YwG3kmwjVgHUDc97rp6u6gcp8nvKWSCNV7JoL0+xkaxbmhLTrbd/Zzsoddfl63UW7eijCFIut1uQ6lvMOVYG3/LUJTDH4K1giIuYs49pK+7qEU6yQIgmolV9XQ2wnSiSe9guSnEW7unBa0NTzoLBBmEz+evY/HDtAomvU2NhdItz1P7/0UdEY9EEDSNryVWib2KbWcfBjWL0+d4XBwZjQp9KtQoPkcsYiEMyjUnCUPVYJrdhtOHvFJbRRQbP9CaNvXqkujWPJl5Cu8aW8AIYRGMSi/w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:36 GMT; Max-Age=31536000; Secure
bm_sz=D870458F6EDF294004CBF2E1B119AA80~YAAQlNAXAhu3cOOGAQAAe0r8CxO32DqlWZigH88jk8AgVfCkFtbV37XykbLbzIQO+Jk+edNRg3Jk+eVvNQPXOc3vpa+wvNfzzHm9QZc3eoSb8SdY5p9rnuWw3x90EuRZs4zXnIJm8IPFApRF7vTFneqLg2hxnzoZgBfIeH3qHTRLeCP51XltgbaZ3Ts+yyYOph9WIH77fgyPlna+b3Lv5hYLkFNxNbwxOrFaNXBHqCmFZmmWYZTKxIZotEwa7vMhubpa2DB/pJcur1fw7YU4Y7uhZuAS87sLkbvv6cRtiSFUhbM0MR6q~3228226~3749426; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:36 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f0_kf173_4979-37192
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1473422
expires: Sun, 09 Apr 2023 02:18:38 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
200 OK 951 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
File type ISO Media, AVIF Image\012- data
Hash 83a33d51d4aa35f54f2f6c2199c150b2
07f73b41675e50d9966b314f2b80c0f19b72d87d
a85551eb8605dc8c8a4cfdbdecce7c9a91bfca0fe5b63d23d59aff1f1a96cf94
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "636fb758-81c"
last-modified: Thu, 19 Jan 2023 19:32:59 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 951
content-type: image/avif
cache-control: private, no-transform, max-age=1698075
expires: Tue, 11 Apr 2023 16:42:51 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1577775
expires: Mon, 10 Apr 2023 07:17:51 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1646145
expires: Tue, 11 Apr 2023 02:17:21 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1679712
expires: Tue, 11 Apr 2023 11:36:48 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=2422879
expires: Thu, 20 Apr 2023 02:02:55 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1658256
expires: Tue, 11 Apr 2023 05:39:12 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1664598
expires: Tue, 11 Apr 2023 07:24:54 GMT
date: Thu, 23 Mar 2023 01:01:36 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3127
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:1$_ss:1$_st:1679535102436$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Thu, 23 Mar 2023 01:01:36 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SMNNbERbV%2f62dSFgJ5LtWg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=SMNNbERbV%2f62dSFgJ5LtWg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=811F80171165D893092C44968482C59E~-1~YAAQlNAXAii3cOOGAQAA3Uv8CwmQwY/88WJwKdhiy6ApXF236nAo5/FQhSanz6/C2t8k6aebjj0AIIqkxrklBgXH6xhDxZOmdigON8iZDE/ZG8l+LrxF/WnURH1Vw288SkfQjhc/sH6Ls4meP3AqA9QefPMrw4KOKWerSOBRpMw0Ps8le1MzOxR7t1Gj2rI3EJ8aHHDq3Y7/sERVZBubffVZf/m8lkkWLVpSBCowA37zmKtKkipfOQ7/8XQztpUDMZS2/cJVhnXC5fYrmu/PwNXskN4Sx0O6XHLZHth+Y0V2sr2HT1DQ8b0qzfDj8Pxj02IIvJdlE/NDavEM0KB1QUx7vInHdR++epNVfrKeVZGK8j69Ek/65I+3kTvUFu0JWQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:36 GMT; Max-Age=31536000; Secure
bm_sz=36D16E59C3F0AF8798C858507C16533B~YAAQlNAXAim3cOOGAQAA3Uv8CxPYrrgDISHfG1eK1zlQ2y1k5fwNlQfX4FKCJ//b8r/1opXm32SJMvXt6mk0nCMF7OHjQp1Z0xf7Ndc/D/yE/cgLI6R5Gjcxkvk5YJgbyCucrXZT+h/YdKUYdj21nt+aVyscJVdTIBrcehSzjK65CAJMqO5AagsrQ9WbbhAF48mXZrJvOhQzZUN9bVHoAKE4abMv3cUZt3ONuGwDtlMYaUzicFRhrMXdWSXZ4tDZFUiyEecVdrbs8K3O+R39FDreiIN4gQBJ160rSoBsWOop2bwYAsM1~3228226~3749426; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:36 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f0_kf173_4979-37197
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Thu, 23 Mar 2023 01:01:36 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vBD1VhwCTfkSMhv1svWv3A%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
200 OK 471 B IP
Hash d4817249d967a77181b5665e8f809c29
d29cfa30c91f05345c31553d0a09e8e0c47ddc92
9bb5b9f3c0ed5e2cd4944b22cde00507b187de394796c2082b2fe5a805dc92f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2365
Cache-Control: max-age=103502
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:36 GMT
Etag: "641a8d01-1d7"
Expires: Fri, 24 Mar 2023 05:46:38 GMT
Last-Modified: Wed, 22 Mar 2023 05:07:13 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679533303372
200 OK 319 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679533303372
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 91341ba943b86f74f3f2b196b5cbe095
d4650fa04f42dc9ccd93816745a808f55dbe9d50
90ae5c1faa1c55d02648b19873454aa66af4a7880f48a2dd82579f20d24024dc
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1679533303372 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-07254eae8.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=58319851375155149812482897632240377111; Max-Age=15552000; Expires=Tue, 19 Sep 2023 01:01:36 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: U4ebx1cITsk=
Content-Length: 319
Connection: keep-alive
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
200 OK 570 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
ASN #20940 Akamai International B.V.
Hash 7af42886cbcf150f5f025fe73d898a46
9c1750811a061fb0b294bf2161fba564b3c536c7
1e06e8784cc014d631eb50c253ec3c6d7c1bdba9db7b91eb58cd693f4df65591
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 570
Date: Thu, 23 Mar 2023 01:01:36 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=gxLeJ6eeHEuTPGmTxu1jJrEJfUNAj4yu1PYJkzwfDnFACUlQNIgWdg7EoZSHcKvg; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:36 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.sectigo.com/
200 OK 472 B IP
Hash aa0b02047e2d86281b8c23f18f0a997c
3eb38073a6d5150c27a96b705ce0210cd7e77620
62f454fe15e193a4be1c774f8e08c19fa46a160a905a7e1ebee6b1aacc6c05bf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:36 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 19 Mar 2023 20:38:02 GMT
Expires: Sun, 26 Mar 2023 20:38:01 GMT
Etag: "3eb38073a6d5150c27a96b705ce0210cd7e77620"
Cache-Control: max-age=329184,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac2be802cdcb527-OSL
www--wellsfargo--com--u949329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
200 OK 175 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c29b6088512e80ed188046747647454
953312d4edc05712e6d1aa3e06b5f584b98e4414
49d3e946b3637621aaf8114b1cf803cb250e98e332bed8be64c98a1f2145fed7
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------398395221124037069952942904149
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:1$_ss:1$_st:1679535102436$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:36 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=iXNdbSZ71IVh42qbPnX0yBZPFwniXCtfX0tKcLu8joU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:36 GMT;Httponly; Secure
_abck=C28074FF2281748DA730FBE66E41D2E8~-1~YAAQjtAXAsyIwOaGAQAA0Uz8CwmQG9fpAeRqyxytDj3ZtF9kqzDE8TbUP1Id36BWYyTBofq2Ex4UqMjwzJWFu6hvXL6WJRZwEjNlxnalxuPVDp8aydxtrCQ9JrQPte/X63+UXFzmUbUblCYzfunGBAcQxUgDhwaOfUNyOt6jWz4Ye28YDycjNx3oncBjGZKfLn7MKje/0aVXlzYjLNwHO7xVBWgCYMV5/NBHpuptCsJamHZORXvnMRYO54xwCdjoqvJq+/rH2B8LqBXuSWMBisof6xr8XKwTZZVsaAOAdudbUDsa9SUYvnzi7lTpCCFFW3tEf0nrer7gldvXK8/Efkd4b6ncGvvQPWyEdEsGfDAI5UcX0F6zz+urA2jQ07PvdA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:36 GMT; Max-Age=31536000; Secure
bm_sz=C66749DDFB30150F9C2BCC4985AD4623~YAAQjtAXAs2IwOaGAQAA0Uz8CxPLrifZzE95gYKQEQjnuS+u1i9tg7XOrgupALDCaDpEUfRAdMA9mD3ye6PVicoaUzcpqTa+PVHn2vn2vEb1bzdYqdb4HoI5q5lrX6EjaWcCE9DuIqa8Lxap7cIzXUQbyfFAkFJtDpT7P9sv8K+r2nO36vbEINIDs8Yc88NU9lJN2VgqjEQO6fOLfDtfKzi6PiGrqgv12Y18w59p8pvoGby1Ooki7JGXJAc8x/YoYGSGponlGXDDlGuvrbMxG24tK/ug7b9dLwlmkbgRtNDzSAWrelJ9~3228226~3749426; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:36 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f0_kf173_4979-37198
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
200 OK 151 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (150578 bytes)
Hash 2b8756e6036b2f50b74734213084dd9a
c58fe124d71cc5dbc5db66139f56b1545469208b
4cf94d458723038e9c80c9a5b984c077b1ae1a04ba2fd4e49a57767c997ee255
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"6410ff94-1854"
Last-Modified: Tue, 14 Mar 2023 23:13:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 23 Mar 2023 01:01:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A2FM_AuHAQAAsEgpW8FdzNqlczQyboKs2aCevgs7qj-R35f4yosCZkuMeD3NAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|6c64f2e41734eedb1ac7dd598c37fc5896fb96d2; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=oTzxzygj5WB4Irnoz649UpMlPt1ste2AEa3rD8qxvXKZb7ydd2nl39l22jCZaBOC; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:36 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
api.rlcdn.com/api/identity/idl?pid=1317
451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 23 Mar 2023 01:01:36 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SmnrPnGMXYpZZ6reF9yP9Q%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.05a69a13044cc6fc4087.js
200 OK 3.8 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.05a69a13044cc6fc4087.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7626), with no line terminators
Hash 07636f1f7a52879fd80a441998850183
b91dba2e5fcb00fdc9182c7d024a5e77af9c2c23
2a55e3bf41e5649d171e018cc6843d39e0926eba587dff857fc889c6929f1526
GET /accounts/static/7M/accounts/public/js/runtime.05a69a13044cc6fc4087.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: W/"63efc278-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=aL4QzgujgOsKR8uzSuRbMVf%2f0LVetkew8VXIjj1ezBLsD1dSeyOASjEJDmURU71+; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:36 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/gb/detector-dom.min.js
200 OK 132 kB URL HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Thu, 23 Mar 2023 01:01:36 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Ne0SoaM4wbwcDxn08irEFQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7KN%2fWrbmqmLVZK%2fQfTvr1A%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/jsLog
200 OK 0 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/jsLog
IP
ASN #54994 QUANTILNETWORKS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 166
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:125; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1679533302%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-c7dc8bf5-88bc-4e52-a2e6-bb61d4043b03' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:f9687a8c-dd67-40ad-ab36-cf408ddcb7da|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:125; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=3D95CB92DD1907DDD68C7EE060985882; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 22-Mar-2024 01:01:37 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230322180137900657422; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:37 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:7; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:7|d:1; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; path=/; Httponly; Secure
DCID=QMD8I64EnQmUexkAHTpwINpZ%2fvchILwsvpl2pS99THbdAqzD0kztDKJp8qvfoeAK; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:36 GMT;Httponly; Secure
_abck=C55769FF54627C11B14C4ACF66FA3B3E~-1~YAAQjtAXAtuIwOaGAQAAB078CwkRaMe8NCjMxmWKLMoVjFwNWQoeOnnK8ZvCYjZQjgtiicKyTFiGWvcnuqhKsPi3FbHcwDGiqYOeFwC5YrSqNPQN9KipiotSyHlG85062BxilKi5NQqUsU2sja5ZR1zpuTsnuU4dtISsOqq1dTCvsrmMUBqwan64vlngBJl7cMZEwD5jXegn7GxWOgEkL60f0nKUVHfFtC1A1XejIaeQBUk34PRN5TBTgFcNAph50Lwkj8GgfkhoJr3zABSLtG1pvBRJ1F+jftBn2M0SeMC4+Uek0EmMu7+TySk9/1Rj1EYboSTtbJkN/UwLNhGWz+tHC8tLtDzVXicextssEOz5vKV4hPhngUXARQQZKwMiDQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:37 GMT; Max-Age=31536000; Secure
bm_sz=F46CADC232CD8F693CEF826DD6C7EDBF~YAAQjtAXAtyIwOaGAQAAB078CxMXlu9loZd2UozoNtmQuX2/Heu/7j64rwy8tMXs5ConS6z7eZBCihVBr/E0X1hvHq6N4MdC8gzxTUNSHobOa+KHu5G7OBjQpmLrNGXb17icthz1GIFGDIYvp5sXrgElLY8dcOEcWg/tD/tfB3xhdVbqumi7pGjL+ekvTw9XeICYpm/bIJy3xuaev2SwinrlkRnNlAThvUud1V9YdGTeSTVtReZtBsxIUqvPZMlnx+WRkXhr8wRa+JnMZZp4u+wyLiMfMNrglUz/Y9psjWiBlPvVAuVr~3228226~3749426; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:36 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f0_kf173_4979-37203
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.18915ef50d53df2cce93.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash c3c017b87a0650cce9b3ba14ebe9fe26
6a8c971574ee34c91ad388f8469cfc4619560cb6
2d541428fa8686262d64321e29e5961d5cd0be372b3d3274e5affdabf113b9ae
GET /accounts/static/7M/accounts/public/stylesheets/wfui.18915ef50d53df2cce93.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37149
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-911d"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ss51LObMuKrqc++%2fl0+cOA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.1c37f30deebd44acd482.chunk.css
200 OK 24 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.1c37f30deebd44acd482.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3c846ba351b441f348c13882fd36e641
01fb30d1626af65789aabbd40e4a9c1ed2f1445f
7a1706de813aa470a5acb83fa389523a1a1c44c2c3135e3e38396d69c58cd780
GET /accounts/static/7M/accounts/public/stylesheets/main.1c37f30deebd44acd482.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23480
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-5bb8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=s1vDM3t7jecdQPDTTCgPKA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679533303379
200 OK 319 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1679533303379
IP
File type JSON data\012- , ASCII text, with very long lines (587), with no line terminators
Hash 8bd88e05daedcc7c1111197e28c0752d
04a1b854f50b85c49205e9397bd1f9161338784a
0143ba599c3ef0849cb2dee33bbfe5dd3bdab013e2f1c96659adb5e1e1a5b2e0
POST /event?d_dil_ver=9.5&_ts=1679533303379 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 428
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0d7e6a16f.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=58319851375155149812482897632240377111; Max-Age=15552000; Expires=Tue, 19 Sep 2023 01:01:37 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: FkHPrDQOTik=
Content-Length: 319
Connection: keep-alive
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
200 OK 318 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.ecd53189d0b6bf69e8f7.chunk.js
IP
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (65446)
Size 318 kB (318080 bytes)
Hash da13582eb56afe6446a3e64922693295
6ef132579de3a0502934d713ae5216bef23951aa
9fbe0f1450ae8e4498ed19969d4a7573b638a66a25c498b5c8ad01817f481bd8
GET /accounts/static/7M/accounts/public/js/wfui.ecd53189d0b6bf69e8f7.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 318080
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-4da80"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=rj+s9y54d+l7nxMMZKSUW8xNyNYdNRytXBledpz399zSM0%2fsqt1SvUZuTMiBimzY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.sectigo.com/
200 OK 472 B IP
Hash aa0b02047e2d86281b8c23f18f0a997c
3eb38073a6d5150c27a96b705ce0210cd7e77620
62f454fe15e193a4be1c774f8e08c19fa46a160a905a7e1ebee6b1aacc6c05bf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 19 Mar 2023 20:38:02 GMT
Expires: Sun, 26 Mar 2023 20:38:01 GMT
Etag: "3eb38073a6d5150c27a96b705ce0210cd7e77620"
Cache-Control: max-age=329183,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac2be833e7db527-OSL
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304079&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304079&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304079&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=SRCqO9BYEUMe47C5vi%2f3O8r4JCERB5jT5ANVWEoDYCkDC0xr8bsDluUD4VFdvbda; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_4979-37209
ocsp.digicert.com/
200 OK 471 B IP
Hash 3cb14840890029c2fd56a9e544e702ca
c5cb746086b962570961308c45efde3de7f3ae2d
02c798e54a7fb58dde2e7ea5481e4657d50bacac1647411fca967968337d058e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2441
Cache-Control: max-age=140635
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:37 GMT
Etag: "641b1dc3-1d7"
Expires: Fri, 24 Mar 2023 16:05:32 GMT
Last-Modified: Wed, 22 Mar 2023 15:24:51 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 3cb14840890029c2fd56a9e544e702ca
c5cb746086b962570961308c45efde3de7f3ae2d
02c798e54a7fb58dde2e7ea5481e4657d50bacac1647411fca967968337d058e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2441
Cache-Control: max-age=140635
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:37 GMT
Etag: "641b1dc3-1d7"
Expires: Fri, 24 Mar 2023 16:05:32 GMT
Last-Modified: Wed, 22 Mar 2023 15:24:51 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304186&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304186&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304186&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=X%2fkjQrm7omepw5Opp5DYcs%2fO0Q7ATs5AI+Tn1zvSYZ2q2TcKMjS6hRkatJh%2fZIUJ; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5103-49383
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 15 Dec 2022 17:56:35 GMT
Vary: Accept-Encoding
ETag: W/"639b5fd3-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=LJ+B%2fZ6Ypn6Z4BZLzDhxHak+DUaQPvplnCMWAHSMZwp+HIJSkx8MTebb0XkjdfIt; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304172&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304172&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304172&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=kuVmHnbhthA6RLNIuOp%2fpebhUeX0otaewPQuEiYY97o%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5273-30744
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304176&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304176&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304176&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=QRQsdyIhMPgNPX9YYEWG2fePPoF2l1Fl31Hgqig7ZkY%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5002-18368
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vHoxAqotgCed2xmin3XojA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=FhXTp9Wu5oCxKY5qog0Qlw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304189&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304189&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304189&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qte63xEQu0JsFscqSVUET5yNfAbzOeLQDYGIsdgTm0c%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5162-57672
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304181&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304181&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304181&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=02wLspKbVrWi10i2YfSylQ6O6tTDCJCq9xcPya3mtho5vCNZD5OBWFSYX4MiLK+L; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5203-59464
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304193&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304193&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304193&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=zXvybrQ32%2fjHAwBRw7UeIRVvQQceEHV8uKxPW9%2fcJ0smfdnR8g%2f9+1jpaQKgW5Z%2f; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_4979-37212
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c%3A0&_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807&pv=2&f_cls_s=true
200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c%3A0&_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807&pv=2&f_cls_s=true
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 7123a5855f43430350228394bcb1f72c
8f7f721abf0adae7ecb962c0035720725992e544
e75d333c3ac300b6b13e3033906875089f0e949467176e57e2e1333d54005d31
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c%3A0&_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1189
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807; Secure; SameSite=None;HttpOnly;Secure
_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!lxlAjLpm7zq0+joq/D2JHXmrrcNtCwyBCb28Yv6J/MlwGKie0wDUR2pNtCmxB4J16oV1jOD+oBy93A==; path=/; Httponly; Secure
DCID=xbNF8ZOcEXeEKEgshxBJWBETWGixs%2fwO4xmkZz748H1nj5Wy0swGZMVqnKpkoWjw; Domain=rubicon.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304199&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304199&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304199&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_chk_digitalcashbonusrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251513-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Ig29qnsyoVTtnighxwYEtmAf%2f7NEFTNGtVphkbCf40k%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5103-49387
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304203&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304203&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304203&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qlQa1YDsOYLpjxxmunMgB87QaKRnnmdjyV5qbkIeBYHFuFUtPpbh19C7ntJ8bhvu; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5273-30746
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304212&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304212&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304212&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=I+B6PFr7UslfyYPg1D8vXlJNQME0e%2fjmC5tlyeak22s%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5162-57673
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
200 OK 45 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GtfF+tjJT9m%2f+tWPBgnGYQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3926268b239c5722f27fa96c1571da86
4e6460348f009035cd79f8e9b9edb2713f039542
2a08d4274e6c475d136a81181ea141eac4e12c69777e0883fd6e7cafc0174dfd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304216&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304216&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304216&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_collegeaffinityrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251698-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=LIQ0dbF5DkWLA6tkG6EFhtexu71N2n4byp%2fxjUw1LGUbv6VkHjFpFJBYYwUHF7y8; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5203-59466
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.3950f3b92beb9b7e513c.chunk.js
200 OK 178 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.3950f3b92beb9b7e513c.chunk.js
IP
ASN #20940 Akamai International B.V.
Size 178 kB (178440 bytes)
Hash fdd82fc50d30312c86cf4c838b3ca1b4
49ffe44e04d54ebcc25c824b67fc5bd617beffc1
253117fc6b0babf782e145105db068d5a901a98a1808093c23a90c324b6865eb
GET /accounts/static/7M/accounts/public/js/vendor.3950f3b92beb9b7e513c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366396
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-5973c"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=PCoFuGbiBOTaESTEDxEhIQNQQBn9OaaIwtwLoBlmXZfhvGrHcwFAaY+OCOUL0NBp; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304207&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304207&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304207&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:37 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=SDJBJsmUhbW9C%2fX0jDVQn1OOsRBomOGUHuCe5HurtH8%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5002-18374
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F?
200 OK 309 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (545), with no line terminators
Hash df917137070690ca2b3780bba8c925da
81e7e24e313797dcf98436267ceb45c1910a872b
610f7fd42adcb8c70e5f74d4825af78e3584b6c132c40a0275d8795bb85f023d
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 01:01:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 309
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Mar-2023 01:16:37 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3926268b239c5722f27fa96c1571da86
4e6460348f009035cd79f8e9b9edb2713f039542
2a08d4274e6c475d136a81181ea141eac4e12c69777e0883fd6e7cafc0174dfd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/glu.js
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash ec3935f0270000772445bc7663899951
4eee6465a0c3e5f2fd6bb5258107a6ee209549b2
694961f1eaa64376afc1e3ce886351c1401fc90f342b1b8d6cf8f1f93d73e8ad
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37252
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9jdkQtepbwMNp6JkEu40OMlzEEAdI5OzDulffw20mQZLDlKS0B8d3h%2fLKIwhZGlW; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304220&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304220&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&cb=1679533304220&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:38 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Wed, 22 Mar 2023 01:01:37 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=hLpk%2fi%2flKjsq%2fFpZwFM3NNcudwVaPxZgjcxjvhIgv7QZWoXSHL2kc6jJUZuLus5T; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_4979-37215
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.3194ee7aa65e829eeddb.chunk.js
200 OK 168 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.3194ee7aa65e829eeddb.chunk.js
IP
ASN #20940 Akamai International B.V.
Size 168 kB (167627 bytes)
Hash bdca33a0bda717577a36998c37dc6e48
f053147a24afdc45c8242213c64e29d8e7253c78
88aaa679fc52c8a68d82d6ee3687571555b1e3377fd40ecf7c81c4c43c0041fd
GET /accounts/static/7M/accounts/public/js/main.3194ee7aa65e829eeddb.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 303303
Last-Modified: Fri, 17 Feb 2023 18:07:52 GMT
Vary: Accept-Encoding
ETag: "63efc278-4a0c7"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Thu, 23 Mar 2023 01:01:37 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=C+6DiBLmLkRPhuLfKUgqPuHmjL9XwnZgROkXffJQIaPJiU4EQI4ZychqXuHqyAqr; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1872051533&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUABBAAAAC~&jid=546019001&gjid=1244149420&cid=400773354.1679533305&tid=UA-107148943-1&_gid=1708435637.1679533305&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230322180134869657814&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=400773354.1679533305&z=1089760278
200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1872051533&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUABBAAAAC~&jid=546019001&gjid=1244149420&cid=400773354.1679533305&tid=UA-107148943-1&_gid=1708435637.1679533305&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230322180134869657814&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=400773354.1679533305&z=1089760278
IP
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=1872051533&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUABBAAAAC~&jid=546019001&gjid=1244149420&cid=400773354.1679533305&tid=UA-107148943-1&_gid=1708435637.1679533305&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=1120230322180134869657814&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=400773354.1679533305&z=1089760278 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
date: Thu, 23 Mar 2023 01:01:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0&_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807&pid=156a0571-ded3-4418-8799-fd0006345d24&sn=1&cfg&pv=2&aid=
200 OK 1.2 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0&_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807&pid=156a0571-ded3-4418-8799-fd0006345d24&sn=1&cfg&pv=2&aid=
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5109), with no line terminators
Hash 7123a5855f43430350228394bcb1f72c
8f7f721abf0adae7ecb962c0035720725992e544
e75d333c3ac300b6b13e3033906875089f0e949467176e57e2e1333d54005d31
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0&_cls_v=e6d01060-32ae-4590-8c67-79f137c4f807&pid=156a0571-ded3-4418-8799-fd0006345d24&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2838
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=de760e43; _cls_v=e6d01060-32ae-4590-8c67-79f137c4f807; _cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1189
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!sOmFH/VLSdeRMpsq/D2JHXmrrcNtC7MfqcRuXhsDWiNmmPTjQJpC6W3zgP3mvh3VZIOZJ1rLWQ+h1Q==; path=/; Httponly; Secure
DCID=an+scnhUZWbPQnwSX9bOYe3cWRvz4MoEWQrCGDKpJi5AQsDXI50vW2CBeX1KaLju; Domain=rubicon.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:38 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 970 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash ca08da3bb7a99c73a7efdcb6e4aa8e00
a4a3a0668eb53dbf3f6cfe6e79c951694d8991c7
b01d2df3101afbd856e43f40d3901c81a43c5b0dd1a5945ec5576f88f3ca129a
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Content-Length: 266
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:38 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-410dc6ef-b683-41ff-ac1b-2744dc9afaca' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:7|d:1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b613c051-c60f-4f1a-b788-7f1b47b4e11d; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b613c051-c60f-4f1a-b788-7f1b47b4e11d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Thu, 23-Mar-2023 01:02:07 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=41631A23287A4200F8C48EACFE7BF18B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 22-Mar-2024 01:01:37 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=112023032218013727173563; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:37 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=3N9JUmxpw2EDWn%2fkw1XwMQn8eGRpuaT6XHEH36mwhYoyHhQhRfgs%2fGPEDWy3g1vR; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
_abck=F9B76E058FC2CEAF9D114227A7A6D7E1~-1~YAAQjtAXAvKIwOaGAQAA2VH8CwlD9L7kuAM0QbQUi9Kk5gkO7wkkG9990VAbL1hXR67fle4omqfrx2ysDwww+SHqrFt8Z45bYrlC/VM6BytvXG8+GWTxB+YJtNvrjJ/xXGj56GjI+GoBvwZMgfjKx3+ohj7nHNySEypTCAo66YM/CnqnXXSBADP4/VnAwCAGtW2rgBdSblktYo5JuFKbvtWpFqNas1NjDxI2bFtamdW4B2F0vS6iGA9A+g8wmJlluWciYf9NtX4q1LuXuMSX7jhuxvNwW289qNI6dmYZ+G90uxT5iJuInO/ys6dMC5IqWRAp4DZjuynlCQxRsEpda4eCu2ihM/2d0/sOxFgGE2jLwxpUjrvkPYsR2GJkWG9uyA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=B3FA2D0323344DAC72994B8A20EB941A~YAAQjtAXAvOIwOaGAQAA2VH8CxPbhoD4xwOUVs4H7PcFkDb24HZTFJMbz4gxXVwbEkFOWVExFLJQP4nNOON7Q+M/RSeYadR4e2EFIoEfsjs4Kr+2NMx7/YGuyIIa13uUniSHBONX+cBzSkWg4dB+lyzy0F0utH79yDmESghlnsPbhLwpewi4l3ZSUBBX5N2dzeOCbPNkMwJPQHSvbFQgHoLj015n95eW50z2VP+IsZqZYILbgnCilp12LKzJDHKwXCo6uech7X75OXfYbpva/nJr+J3gRMhDC1+aFSpTHAlCd8SSTn10~3356721~3355703; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:37 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5273-30747
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 23c054d3aee551b6fdc42a5a472a7040
b1a46c12ac7d65c979fd1998bdb243f3dba8f956
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9f0607231b4674d2bfb5a6798b0b4093
6c14f5c952e413365703144951b09b7126ff8e2d
869816689cb9507d294d69f953e8ea33452a177d405816ad86f729b123ceaa98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F
200 OK 308 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (544), with no line terminators
Hash c598a5cfd7679d8bb65eab2b7fb2401b
a6e945aabe82aa34ddf2f74cc39c65ccbb8b710b
25fbf9f8e8d53a1e6212127f861a5aa6523761aacaf51c118f7de21ec09ce9b2
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 01:01:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 308
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 970 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Hash 0f117fb9eebb720b0af83465c999e6b0
72140f1ef5cebb9db2add16f29d515789a955a1c
96602e6e02be2bccf4976808789635cfb8bb5a812815330db527d39ae03f0d47
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:38 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b5601c77-09e3-4c54-a446-2490cbaee75f' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:7|d:1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:953b9df0-f9f8-4890-b387-b88794c59478; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:953b9df0-f9f8-4890-b387-b88794c59478|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=02C82577C611AB8691840A7CB0FB3E7B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 22-Mar-2024 01:01:38 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303221801381567307250; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:38 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=DLRXU0Tz5%2fI6MAkBkgB0aVGz6Ymg%2fCXgq4OYcQTdbYc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
_abck=BDF80C9776AA3E0F771CC569C7B17C0B~-1~YAAQjtAXAvSIwOaGAQAA/1H8CwlU0fd+Wr31jCuEEPZe45okDUAr/Iyxl4d2AZFM+ljk8+ZvVj4zpXnLyyXeUhEJjhGI9tMpSGhiRR01VSCG8y7Lr1cGSStsBwZDcjqyOvUD7ytSzgOk3Zc/eqglN9YhNcKdQbf/F8qV7tXAYEsDH51MRG9WtRXjQIXYYjPHflfvzeXOqNk/oc1sYggA0o60JAfsNed5013dt8Ag0EqZplunm9RsBb30Wxv1nGTdcXAC4R1BFSlOsEbOQPhHE/ocz0r/F5G8wiFAfBQznryeiSceaOdDBWPyPqegHJo2qjS8CSJ6ZzpWh9QcAQtcPk3xdpNJudxJxkguud8Lmc36Mv3P+HNESlHIffD5MqiZlg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=80CEA3E6AF8BE52D8715479E6A1C1311~YAAQjtAXAvWIwOaGAQAA/1H8CxPuA4k03VPPoEtqwlEPdXR3xeuVsAiAR3ArOcq2EM18vcwKgCBcswK+bqQTvF+E56eQcAoNbENhKR6s0ukXvJwj3LqgJXlrQRcnb5ZgoMVZxWxA0FnzjcUZxnid+S91m20fjYacxRM8IjNhqywvrAOFlBeSgo2Cq9td85AtigPJLvSanWg0pyUuv+s+j6csU+QSsyp8ITJGo8QdHtbt/rRwwiQCxQcD0U6NfgHDTwYnd3JtSIUb0R41iTtkeNgF8yFw8zAWLlXH03VYtBBx2rGsVvgz~3356721~3355703; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:37 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5103-49388
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5cd8c9b1a21861daf74c130682cea34e
32ceecbbe8fdfc999e4169771cf7633fdaa1f083
328369b9dcb3b3b19b031dd350a02c7cbe5fb250ba4748bf8d055da5342f0837
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=400773354.1679533305&jid=546019001&gjid=1244149420&_gid=1708435637.1679533305&_u=4GBACUAABAAAAC~&z=1313783465
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=400773354.1679533305&jid=546019001&gjid=1244149420&_gid=1708435637.1679533305&_u=4GBACUAABAAAAC~&z=1313783465
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=400773354.1679533305&jid=546019001&gjid=1244149420&_gid=1708435637.1679533305&_u=4GBACUAABAAAAC~&z=1313783465 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 23 Mar 2023 01:01:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/ga/ec.js
200 OK 1.3 kB URL HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=SfRuA4QE9yv5hyoURYurjw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
200 OK 14 kB URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 11345b9f8612f9d931da929c922e7404
319220f932f91539b3fb1c58ea01834cf4ca9247
8174c0b867faf6aa65aa8f2ed86cf055d19e293722e95683c92baca8167d8772
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 01:01:37 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/jenny/nd
200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash cdbab96642744cfe76265b1756149619
d69b688e2e233a02799f14dd9b96eb0624d758b5
0eb20779e9c49822f871c976dded64a22f685609c65cf8e69687f2305f1a041f
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17882
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:f8dfc776-5799-495b-988f-85225cf9dc3e; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:f8dfc776-5799-495b-988f-85225cf9dc3e|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:4; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=pKybf+8nPQnyUKL6ATeB7iE9cDRgrih%2fg9c%2fzxw1GlaujiKj0AqQ5kBorFU0m+D6; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:38 GMT;Httponly; Secure
_abck=84A0D7AA8D7F796B61BA9BBE712A59E8~-1~YAAQFE8kF5eKFeeGAQAALlL8Cwk74GaiqTcA0chuIFjUG5kpj5Lx99zZ1l2dYrpK5WZgFfGvGvn/gnCpPc+M6sMJiwArv97AUDpPTL9KjktCxa0U77UqWQ8qcoqNDcwCNkKmm5ixT/yKYCYCyRulScGsU93qlAvpcsDDF7eCOkQNqwTwJlrLoGEUmFFnPl+yek4gdFUMFnitQOu1vCajFlJAE3AiR+jPfFAAsATHPKmJKuEFtZLnDtqkNMHnkdIgemUrstPm8ofKdHw6cc3wMxaDWiRMFwIg7PhwJZtsPPetrspHH9QAYUCmRJ5Wt7ewNI2CIpOayjopINsvZWjQy6gom0GB/qsqmWcPy/OHnQAn5pPF0cU8sUkOZdrs1wHWQA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=549C5280F57D148F06DEEF48A9D90CC9~YAAQFE8kF5iKFeeGAQAALlL8CxMiSh0yf2do0t+KUF7HEg2JI+zbbRh+6fYWTcKhP7AwAn075pC4dnNlT/pklssNF/BfvXtWalN6jcR4au6BsvVxTvIQW7QMqRL8VfHzYmB4QZ+KhqQlTbpfyioN30VmmvXd5QrvIhWFaXdHGe8LKhmzlAB/T8vhC33GI23RtFZgJtO+LLgHP8OYKGK6U5WzMBvae8VIxuemjHtgTr0hhShKFTjCfuJl9716lfq5Hm6i4jrLAVctoGErv5KHbPvVWlTPNlZVraUvX4WtC1RM0Bls3+BR~3486516~3683377; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:38 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9f0607231b4674d2bfb5a6798b0b4093
6c14f5c952e413365703144951b09b7126ff8e2d
869816689cb9507d294d69f953e8ea33452a177d405816ad86f729b123ceaa98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5cd8c9b1a21861daf74c130682cea34e
32ceecbbe8fdfc999e4169771cf7633fdaa1f083
328369b9dcb3b3b19b031dd350a02c7cbe5fb250ba4748bf8d055da5342f0837
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.27887437481500266
200 OK 51 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.27887437481500266
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 19d6ed574f224f139a76042de6379aca
aef9810ec3c7cc126c2512c06d81c0922a4ecdb6
c28af2100b746ab367fddbadf134e818b1a2d4bf9b0dbb7a14b1d87ef49d8fcd
GET /PIDO/pic.js?r=0.27887437481500266 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51325
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=hCwbh0Om6IITm4gPHlPMKgTjgMC8V4PxSoGd6p5A0kMoZS8AUxDYToyjEW7MnXqq; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 970 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash b788a7a13effa0d2a197efe1d30dcb27
63514479bb4efa81f3b54e5524f8b64f3267dd00
7c80224a4f4ec7218fa52985a6808b26301e755cf3070749756231dd5f511908
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:38 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-2fa10d08-01d1-4916-923a-b0e3c2d66156' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:7|d:1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:eb5594b2-ef80-4307-ad0d-0b464198517c; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:eb5594b2-ef80-4307-ad0d-0b464198517c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=22DC62DDF76A5B2509315812472540B6; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 22-Mar-2024 01:01:38 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202303221801381732006681; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:38 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=%2fIKNgG8hq5dpWS1D7snxdQ8x3HWBa8YDqDBxBj1sLwc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
_abck=3C5BD1FB2BEA9202CF93204BD240A65E~-1~YAAQjtAXAvuIwOaGAQAAYlL8CwkQsjGNfjX4OhkHqEUgYPmCzEkG6ijk+BfgKA9vroGKWPsfNogDYJt0F/uWZXrINveyaWMSHL+nYuOvTZd8dDLZQkqSPbSB9hr+vLRb+XFhUKj9WnstOI+w0JBafAs//Cms53mX1TfDM/iArHbtmEPF56PIAe9ueBp1XlzRrtdepJi8C8fI1uSye2TzF6f71nyVvW4W7kMMa4P0lz8c++wzYLvdmwZKjtPADrgwTpvthNcryqWQ5TLzo2XTl7nPTP6AG1ffvdiHtYP/4XWg/8Hk7lpVGokrCozKBdiup5CZ4Wco7jwSQ5MxJ23NyTDJt5I22a98QXt6TXOkivggc/zFzP6rz4GvQRwgfBHNMw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=8510A8AFA4721880CA93F96650523420~YAAQjtAXAvyIwOaGAQAAYlL8CxPsMm2WiAJhghyKq1nVW5nHR42DPAS5Ek4tc5lbWEAt6XLjvbzNjgdyTJx9Y4l02TBkBtzrKgtef7kNNU3t//fiRnA64hEwIHsufICt7J6HnfEVMkyPWGrvELCeyM4KYCzm+mbO6hPODZ1MTB7VYhfjUrvUDUowSTBQqK1ZKXO0zeiv04cY/jal+JqH8fLlCfQO/Z90PAbqxoDUVcMC5m+yPdjFGj8QAqbrjj+gUx5/HWRWIafWUwy6Khl8oi7AY0A3nEGovNE1icMsiM6mRWq7btA0~3356721~3355703; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:37 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5203-59469
www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 967 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Hash 0522ba888a9d818b64719b87b6f051a5
7396a64b8bc1cdeaa7db72385308176b3596263b
12e4899db70275fa31f19c2447d5c5370972d064c1255c773a9d79fa2e374f1b
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Content-Length: 265
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:7|d:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:38 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 967
Connection: keep-alive
Content-Security-Policy: default-src 'none'; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-1b5e32e4-c393-4c14-8807-a4c5c0ccc637' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:073d05d5-6cd5-4dda-9153-872c9efd2793|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:7|d:1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:fbe8599e-167a-4da1-bd4e-2b1e90a7b162; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:fbe8599e-167a-4da1-bd4e-2b1e90a7b162|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=40F7C78B1A185415340FF36C62659710; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Fri, 22-Mar-2024 01:01:38 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230322180138687746624; domain=.wellsfargo.com; path=/; expires=20 Mar 2033 01:01:38 GMT; secure=true; SameSite=Lax; HttpOnly
DCID=HPdZ%2f%2fQy1v0SlYWZ0UObJzG1DGIYdrmEnBz409lGcF1jV90ShDdkQ72MjJFgA0SQ; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
_abck=B91473F2D19A211C5B4C661900FF0E69~-1~YAAQlNAXAli3cOOGAQAAgFL8CwmbXuhHkK7hKuImyEri+0mESDMekU3RmKRsb4G8PhT752FDbg40B9QaOGaqKVMY74QpyvnaDZFXfSGC4agZb6NZEb05ZeGaaNWSVkcE8I/0nxe3xuCkCrOCNURLiL/jVR0X16w5poNmhcqF1qRhFuvb4hd4d9J2RT1xruCKu6gscwPiU+Kk25S/1/sfZCabcdH7D2k+48/qz17etu7ilhxCtt/DOhc+RYrd/QWiUAdi3JXvBT7gfVy7JeQqJbKidPnArrBA7V4MfqbCXLktWDX2mISMDUx57PirC0uxeVDob6LnWuidcelDFSyiVr6qajRvQbGGXFBD0J5u7eIvlmJsWUHFPNR5akeAya3uxA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=684FE1AE1339775BDCD2D4496885628F~YAAQlNAXAlm3cOOGAQAAgFL8CxM5mdjLc5R3IU/xUHLkvqk+rxA2PQxB3E0iUqjHcG+m1uFKIe7q108dPe9pZ2GRHJ0jcLwiLdSKL0W1vLtWvvR5cgdlo1HvmMoAshVQ1mfGtAfKRPCQXF5DXONRTWtpOT/Ml/OGkieDt/Zb6ctiUTGAVSI2y5L4x5OMW556kMF19/1jmBDgg1RLmgaW3SfZky+/AgntBBQGZXXcu1yTcRqS8vuFikFmKEjJAbxgpbGroV9rITopmIVt/HjslAGSJIr64dRq7Kfu++xnCcAagxH6ms9d~3356721~3355703; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:37 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f1_kf173_5162-57675
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8795e5b287f501dc39ee441cd6bd7125
9d420cfc40477940eff7fcfc1aee2c7731fd17a5
a2f6bc52d276e1f73a3e823606457e033bccf8eca8631940a55c298f952451ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F
200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5483543089525;gtm=2od8g0;auiddc=112035001.1679533305;u1=1120230322180134869657814;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 01:01:38 GMT
expires: Thu, 23 Mar 2023 01:01:38 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBSS3V6bmZBenRTZWlBdEtkajNpbmhnQWxnRHp6cys4blYwcWNOcExtb3RMZ0U2VGsvTWFWQ3B6Q1NPSy9aUE1aQmNmYlhuMEFIUmdZdnBtL3lVN05ONTJmNTA5ZmRyMWtCWFpZRENaRmNPVndEY2hVb0RyWWJ4WHVqc2tRdU1QK0dyaXdCdzhjSXhXK3JpZWVoT1VNbUh4MzJqMncrVGxOeWpXYWcyNDVaWk9TbGZnWEZpSTNhSmFxY1lUaVdjZWp2TFZJY09oY0RzaVNIU0VYVFBlWkJ1Z0FqQmJoWlNwYk55aVAzYm9CYVNLWkdiQ0VkOW9BSzcrRmNVdllGQ1VVU0wwSThqN2Qva1pwOHl3TDJBL2RrZEpCT0tCMzJpNnFtTWh6clM0PXwxOTA5MDNmMjUyNjg2YTk1MTAzMzg2YThiNjBkZjA4ZTU5YWM2MGYyNTRiYmQ5ZDAyNDNhY2U5MjJiZjlhMTE5OTEzNmI1MWYyMGIwMDA4NDhhNzQxZjRhNmJlMmNmZDA3Y2YzODZhMzVjOWI3MGFiNGMwY2FmNzYzNGU5NjQxZDNiNjcwYzAxOWFmNzFiMTc0YjM2ZTgwNTgyNTc1NDdhMjM1NzhlYTZiMzlhOWVhMDIyMGE2ZmIzMTRjMTVjMTM0MWM2MTc3NjEzNWFhMThkMDc3YmZhYjRiZjhmZjhhNDFmMjc2NmU5YTZjNWQ5YjBhZjZiNWE3NTBhMmJjMmU0ZTE2ODg4OGU0YTQ5M2Q4MGY5ZTU1MTFjZTA1NTRmZDA0NTM0NmUxNzNlMGQxM2RmMDJlMDJiYWQ5NDdiZGI4NmNjOTE0MzVmMTk0OGRkZDFlNmJiZWZkNDI2ZTczNDI4NThhMGNmNGU3YmQzYzFjNjJiZDIwZTdhN2JjYTE1YjU5NjFmMmU5M2YzYzRhNTJhYjRkN2MwZDBkOTRhNWYxNjhmNjQxM2FkNmQxOTI0NGMwMGEzMGJhZGFiMzUwYjU3MTE4MjFiNDk2MTYwZjFhNDczZWE5OTkxZDc5ZWUzNmVlZDMyYTUwZDA0NWQ0ZWQwYWJkNmMwM2NmMTE0NjJiMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com&t=jsonp&c=g_clxolsxwggbgcq&eu=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F
200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBSS3V6bmZBenRTZWlBdEtkajNpbmhnQWxnRHp6cys4blYwcWNOcExtb3RMZ0U2VGsvTWFWQ3B6Q1NPSy9aUE1aQmNmYlhuMEFIUmdZdnBtL3lVN05ONTJmNTA5ZmRyMWtCWFpZRENaRmNPVndEY2hVb0RyWWJ4WHVqc2tRdU1QK0dyaXdCdzhjSXhXK3JpZWVoT1VNbUh4MzJqMncrVGxOeWpXYWcyNDVaWk9TbGZnWEZpSTNhSmFxY1lUaVdjZWp2TFZJY09oY0RzaVNIU0VYVFBlWkJ1Z0FqQmJoWlNwYk55aVAzYm9CYVNLWkdiQ0VkOW9BSzcrRmNVdllGQ1VVU0wwSThqN2Qva1pwOHl3TDJBL2RrZEpCT0tCMzJpNnFtTWh6clM0PXwxOTA5MDNmMjUyNjg2YTk1MTAzMzg2YThiNjBkZjA4ZTU5YWM2MGYyNTRiYmQ5ZDAyNDNhY2U5MjJiZjlhMTE5OTEzNmI1MWYyMGIwMDA4NDhhNzQxZjRhNmJlMmNmZDA3Y2YzODZhMzVjOWI3MGFiNGMwY2FmNzYzNGU5NjQxZDNiNjcwYzAxOWFmNzFiMTc0YjM2ZTgwNTgyNTc1NDdhMjM1NzhlYTZiMzlhOWVhMDIyMGE2ZmIzMTRjMTVjMTM0MWM2MTc3NjEzNWFhMThkMDc3YmZhYjRiZjhmZjhhNDFmMjc2NmU5YTZjNWQ5YjBhZjZiNWE3NTBhMmJjMmU0ZTE2ODg4OGU0YTQ5M2Q4MGY5ZTU1MTFjZTA1NTRmZDA0NTM0NmUxNzNlMGQxM2RmMDJlMDJiYWQ5NDdiZGI4NmNjOTE0MzVmMTk0OGRkZDFlNmJiZWZkNDI2ZTczNDI4NThhMGNmNGU3YmQzYzFjNjJiZDIwZTdhN2JjYTE1YjU5NjFmMmU5M2YzYzRhNTJhYjRkN2MwZDBkOTRhNWYxNjhmNjQxM2FkNmQxOTI0NGMwMGEzMGJhZGFiMzUwYjU3MTE4MjFiNDk2MTYwZjFhNDczZWE5OTkxZDc5ZWUzNmVlZDMyYTUwZDA0NWQ0ZWQwYWJkNmMwM2NmMTE0NjJiMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com&t=jsonp&c=g_clxolsxwggbgcq&eu=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash 8ee67b69ef0a2ea0a443739dc9680707
c48b81041d35bd905fb5460d0baf742a0995ef83
72344f4d6e7bf9ecd96b63bb35c1cbc8072b3dc01282cd2aef1c2e523355ba56
GET /AIDO/vyHb?d=ZW5jZEBSS3V6bmZBenRTZWlBdEtkajNpbmhnQWxnRHp6cys4blYwcWNOcExtb3RMZ0U2VGsvTWFWQ3B6Q1NPSy9aUE1aQmNmYlhuMEFIUmdZdnBtL3lVN05ONTJmNTA5ZmRyMWtCWFpZRENaRmNPVndEY2hVb0RyWWJ4WHVqc2tRdU1QK0dyaXdCdzhjSXhXK3JpZWVoT1VNbUh4MzJqMncrVGxOeWpXYWcyNDVaWk9TbGZnWEZpSTNhSmFxY1lUaVdjZWp2TFZJY09oY0RzaVNIU0VYVFBlWkJ1Z0FqQmJoWlNwYk55aVAzYm9CYVNLWkdiQ0VkOW9BSzcrRmNVdllGQ1VVU0wwSThqN2Qva1pwOHl3TDJBL2RrZEpCT0tCMzJpNnFtTWh6clM0PXwxOTA5MDNmMjUyNjg2YTk1MTAzMzg2YThiNjBkZjA4ZTU5YWM2MGYyNTRiYmQ5ZDAyNDNhY2U5MjJiZjlhMTE5OTEzNmI1MWYyMGIwMDA4NDhhNzQxZjRhNmJlMmNmZDA3Y2YzODZhMzVjOWI3MGFiNGMwY2FmNzYzNGU5NjQxZDNiNjcwYzAxOWFmNzFiMTc0YjM2ZTgwNTgyNTc1NDdhMjM1NzhlYTZiMzlhOWVhMDIyMGE2ZmIzMTRjMTVjMTM0MWM2MTc3NjEzNWFhMThkMDc3YmZhYjRiZjhmZjhhNDFmMjc2NmU5YTZjNWQ5YjBhZjZiNWE3NTBhMmJjMmU0ZTE2ODg4OGU0YTQ5M2Q4MGY5ZTU1MTFjZTA1NTRmZDA0NTM0NmUxNzNlMGQxM2RmMDJlMDJiYWQ5NDdiZGI4NmNjOTE0MzVmMTk0OGRkZDFlNmJiZWZkNDI2ZTczNDI4NThhMGNmNGU3YmQzYzFjNjJiZDIwZTdhN2JjYTE1YjU5NjFmMmU5M2YzYzRhNTJhYjRkN2MwZDBkOTRhNWYxNjhmNjQxM2FkNmQxOTI0NGMwMGEzMGJhZGFiMzUwYjU3MTE4MjFiNDk2MTYwZjFhNDczZWE5OTkxZDc5ZWUzNmVlZDMyYTUwZDA0NWQ0ZWQwYWJkNmMwM2NmMTE0NjJiMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com&t=jsonp&c=g_clxolsxwggbgcq&eu=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=MxKAkRR2fXvXUOZ3POcS3mBzNbgdL2hYWeIAtGzK73zG0m9GXe7AIRM2UioDcOyv; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:38 GMT;Httponly; Secure
_abck=32271B454DB2FB511FD41324EBBBB87E~-1~YAAQFE8kF5uKFeeGAQAAOVP8CwnbDNpT+IJ3lzJ8YYbwPLVie2E1b4MoZk9x8gh6LqPgqDyn3h8ZHQMX5WwX/wg63vAR7AXmQkFYOFVXyFxzGz21wRH/4z63LJJVgkrNMg85LhbXOKFq3Ss6UHx6m+9p7f1w1VLEiVB6qi2JoSGbqA/cpdipFei5gwvDrnuJzSVMyaVigD1g0tf7wi2dg1kdwJLAAmhMi6SPDdU47Z1ynIW9FLBBVcOhWFLS4aUZcSBIs/SUz872GnowfD1JDdAWwJLK6MSTsWC7DGE7ZWl0as+m04u5cDNJxURacjnutRHFEhy5gStkryKkIPPjarczaDI0nTStTAg5J9VsSVJ+O8Hs7MTz0FylRKTI5GETqQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=0E70C29A1AB125D9723B0A3053105F27~YAAQFE8kF5yKFeeGAQAAOVP8CxPoGSxMU+/ubqhH6ngZhZi+rEMo2tj6V3d8SD4dZNohZQ180GmeFGsWE0uy9I6qdEnKWBmuMjF+qhqeWYOrMt+Cu8Ci3f8Sb+lUVEEuBDfc4WP7pCfGZHZsm8gAQY0cDI6FBTjM36eRdyLySc1JSBq32irLTQAA1C4u3ypsBh0VyI7YAPyeDiOe1jr1rfaLTjiUcogCWLHUBBtayUeiTgEdTVIfC9FM6a6W+Rg3yZoYAcclhiFI0D8D8IIFHKMJU7X1MKNib4JqiHg+9R71+5FGp+8m~3486516~3683377; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:38 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8795e5b287f501dc39ee441cd6bd7125
9d420cfc40477940eff7fcfc1aee2c7731fd17a5
a2f6bc52d276e1f73a3e823606457e033bccf8eca8631940a55c298f952451ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ort.wellsfargo.com/securereporting/reporting/v1/csp
200 OK 0 B URL HTTP/1.1 ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3596
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: cbd027b8-4e60-4e85-66f4-67568710f8bf
X-Xss-Protection: 1; mode=block
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:eb276839-9103-4266-962b-3bc65ed01075; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:eb276839-9103-4266-962b-3bc65ed01075|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:3; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Path=/; Secure
DCID=rlVukIf5N0VjZJJNxUW9PKUaSk8swwsWvUzMXg2OtH0%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:38 GMT;Httponly; Secure
_abck=4FF31E5811BC69E3001CBEB4648EB439~-1~YAAQFU8kF9YZ9gaHAQAAdVP8CwmIwbX5RDYswUJaJzxqPa1vaYBkXTisQ6Qfh9WbkzSMnsdj2JC7WQ67eAD8c0coYhjqAgFjieZIvt3DfYfG35Ljavjit3pPMi6CyBg93giR0NXK0n9HC5ETWMGyK0BMJNsxx86nOM9/CTPddiLM6d2KoZq20c8D0KBBQQudESJ6U5ySvydBDg8Ia7zyGxWFAxVrpxJUFO6Y9XIzwJjzlRJAhu+dlan7SfdCPNIQF4/W2wT5KyBpiICCOf7f9jryN5AaCyF2RcTJBov+zRrOvtOrgnlImE9rVDdJHbAxJuXzYCcljD3bnF/N+gj5I/erQHjdIAqnr5XAvifd0ruF2MqoGBldfcNW9LOsYSWnKQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:38 GMT; Max-Age=31536000; Secure
bm_sz=1FC64DFFD81C9D3B55B72E9F2EA47A8F~YAAQFU8kF9cZ9gaHAQAAdVP8CxPK1gg618O62s9AIq2uimf/T1MOwcPNlV9kMHiBksmYLsAsdcB9fI/qNItxAMYrqNTeDk4VSxOFFNjD+nLKRcyLCuHLFs/VcgopDsJHvIPwjhXDZVSIOZwgFezHLEBi1fq8GUP1YjAw/BcTdrIDQmxgJMwuZldTYV9ktLzLCavNPc1yblAkgtPGBfUu9R/LshSAc4WgAMOF7/8JJneKHMc7JIVQZCXKz9Drwiw5KEldlZG5ZTGrGr8zz0FngLmChcTN0yjmKxeifddIaVql5sldUXgF~3753026~4403782; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:38 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.9899860155975924
200 OK 136 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.9899860155975924
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136469 bytes)
Hash 0e3b5e8f52fbad1b009e51bcccb2bcd9
f52dda52cca84d1c64898467ae5ac6bca7bfb944
d34ff536b13930c109268a59b0ab501204559a6e42b0e4af3ee3d19a15dea2af
GET /AIDO/mint.js?dt=login&r=0.9899860155975924 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136469
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 23 Mar 2023 01:01:38 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=eXMo8a2PGLxv3aPTd1XRuwduL5SNhz81Wav6vX2BBjI%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:37 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d09ed5b5ccfa429cf3ded7d6634ce586
e1d26f666c2b0ecf75aa847b3ee907c41514b588
b5536c7e81811b1a5ffeb8dcc80a08f14b4c5ed5ddb2c53b4b52f84c721beeed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 78815ec28cdd11dab4f66f2eaab35658
c6fd7f2a657d87c6e7641be6fc69913c427cd26a
f99b9d279c7ddfe7916dde9c7390be1f225e330ffa662bd7ae603ceed76e44c3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 6e965ba75b84abf96ca0d83da48d2fbb
4c2eb4c06cabee4d0f0606e88e9e074e2f767168
4b39bfe671df590e9c5baf75008d76f4272d8ffbafd7108e7592f8165b6806c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6585
Cache-Control: max-age=140459
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Etag: "641b0ce4-1d7"
Expires: Fri, 24 Mar 2023 16:02:37 GMT
Last-Modified: Wed, 22 Mar 2023 14:12:52 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=400773354.1679533305&jid=546019001&_u=4GBACUAABAAAAC~&z=453762139
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=400773354.1679533305&jid=546019001&_u=4GBACUAABAAAAC~&z=453762139
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=400773354.1679533305&jid=546019001&_u=4GBACUAABAAAAC~&z=453762139 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 01:01:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679533305060&cv=9&fst=1679533305060&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1679533305060&cv=9&fst=1679533305060&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1679533305060&cv=9&fst=1679533305060&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 23 Mar 2023 01:01:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1679533305060&cv=9&fst=1679533200000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635471&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--u949329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1672016565&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 23-Mar-2023 01:16:38 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 23 Mar 2023 01:01:38 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d09ed5b5ccfa429cf3ded7d6634ce586
e1d26f666c2b0ecf75aa847b3ee907c41514b588
b5536c7e81811b1a5ffeb8dcc80a08f14b4c5ed5ddb2c53b4b52f84c721beeed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 6e965ba75b84abf96ca0d83da48d2fbb
4c2eb4c06cabee4d0f0606e88e9e074e2f767168
4b39bfe671df590e9c5baf75008d76f4272d8ffbafd7108e7592f8165b6806c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6586
Cache-Control: max-age=140460
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 01:01:38 GMT
Etag: "641b0ce4-1d7"
Expires: Fri, 24 Mar 2023 16:02:38 GMT
Last-Modified: Wed, 22 Mar 2023 14:12:52 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--u949329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
200 OK 134 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 4b9a19448512275de350f16187c08199
6f49a30302c984fbba93b0f0168e254a81ced4fe
9558fbc437db882fa9b01fe9c5e5e7ea5fcd3b9fc065f8da31943834a2e5ea4b
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2008
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; _cls_v=e6d01060-32ae-4590-8c67-79f137c4f807; _cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0; _gcl_au=1.1.112035001.1679533305; _ga=GA1.2.400773354.1679533305; _gid=GA1.2.1708435637.1679533305; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoib0grczF5dzNmNmJESHJwdXpXak9hQT09IiwiZSI6Inl0N3FqNHpCZlVPUktpdDJWdWJnYlRVQ1JKaFhGa3A3c0VpVEZSd1BCaHpSVGhHN09zdW5FVVdtclR6dCt3d0tuY2RrNGVQNG9nZzdlWk9JN3pJQTJcL2s3UkFUeWRQNTh4cHVBbHI5TjBMSnVpNWZTWHJDSndLZHg0VXoxVDNLNHVwMnBxZkVLdFRZMGdTakpDWGtUNkE9PSJ9.a069c9eba63e03c4.Zjc4MzViZDRjNjIyOTAzNDdhMzMzYTZhMDk4MWI4NDNjM2ZlMjA1MGNjYzBkMzk0Y2JkOWYwYmJjZWMyYTY3MQ%3D%3D; ndsid=ndsa5glhgr5dlc3lfkerk86; ADRUM_BTa=R:27|g:fbe8599e-167a-4da1-bd4e-2b1e90a7b162|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:64
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 9
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=LIaCKdW+Kplbg7mhM6IJj0VLT5987w9Wz0hcXA9aNIQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:39 GMT;Httponly; Secure
_abck=43A4BFE9A76BE48E0E1A2814BC06571A~-1~YAAQjtAXAgyJwOaGAQAAFVb8CwkovB/i44miiIh1bBni9jZ4gHqQUnVF5I/tBX1oVjfGv0TjcxeSaqXVCqouZlzswq4KPdNEnsiuloCCPaF0QDAFyBJNppKHddk55cyAAsBbUAz4Zite9za5xKOADTzgULm+4iJwSwbl6u0MK+OJsJzzGADhkByKkPjheMObJQLoXQQ0wTjORxoD4gDQoHDLmUM0PUpqPaKJIRKB+XNxGOOdNSC19vDEE0lVid2I9TLoECrf/HMUmmuxIJJGhXbA6o5t6eA0VBfkjYaPYgzp6Deyv9PZzP9Q0SbJfq46J7UCym+MWcAjmkl4UcgNXRROBR8bRmV3iMrJONmzK1oCmsNbsOQ7t4zHorZHvpNm6w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:39 GMT; Max-Age=31536000; Secure
bm_sz=0300FAA2EC8F68EF55EDC69F57BFAB4E~YAAQjtAXAg2JwOaGAQAAFVb8CxMpbvyiGqzttzzkW4UzrlqbI/WEQDUEOc+QK0ChKamJ4pzSANrrX/9AOICzCLpilG2jUnsB3bRHeDKBG93ZeRUJqgKIpqmoAl7v5vhxYsFpwDpmE+02olJl9jOLGItCoRCfdW4R8B0uurdCEvlENJDkR5YfIF7ai90fepTguiG0rgay7wmlfHv1MjkMCer/+X7sFFbv3VHajsqJ2A29WKwjYoceOv9dryvh0gFg3j5TNhn9QcYUAjg+5vkpEwB0hRvsQtTWH+ibvpTYRAhgbAP96rCk~4539447~3290680; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:39 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f3_kf173_4979-37239
ort.wellsfargo.com/securereporting/reporting/v1/csp
200 OK 0 B URL HTTP/1.1 ort.wellsfargo.com/securereporting/reporting/v1/csp
IP
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3843
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 34528f7b-04d8-49bd-4fec-d30a455e956d
X-Xss-Protection: 1; mode=block
Date: Thu, 23 Mar 2023 01:01:39 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:f585bd89-bbf9-4bc8-86df-a98f43238238; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:09 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:f585bd89-bbf9-4bc8-86df-a98f43238238|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:09 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:09 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:09 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:09 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Thu, 23-Mar-2023 01:02:09 GMT; Path=/; Secure
DCID=y3GHrsBvTAembW2KLvaEGty+kfwIotZAL94L0zDtlPU%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:39 GMT;Httponly; Secure
_abck=435A802CF6DA87A18C3CE3997913727B~-1~YAAQFU8kF90Z9gaHAQAAfVb8CwnNl2ddz1CkBDOcq72HHbNCuozCrTNKgzObdJwjWN6ZUIH+Ma8GhYhhgeMxeqjnSi63LhKoPVkt2QKn6svQp0nxE/fGXT5mqow7+goQNamuois+bKxdOurUqMiFmZenRQ6VTr4PReKEJxS1KuTEUquVmlhkQK3OJu32DYPLWKLgpfFtg66eTlSCudcggKyfVpTkL4WUWzU8VUZvkIkMy3n4dCJsuZLrdOstizIsi7R/zxRY89/vZkObzcHdOS7lcGiFJOpf3ygls4blsUL+UOP96WgGkE1hWTHLZ2tJrSGI27ltL4B1uNwW89k7c3pOvIwqLruUfL6E9ZNQhO+5cugwqg+ZVKmH/6WKDKMIjg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:39 GMT; Max-Age=31536000; Secure
bm_sz=C72E8777CF3DAE597D7C40E0302BCBF6~YAAQFU8kF94Z9gaHAQAAfVb8CxO9cuWQujKOhysfvHZvFRzhiCKJ2Tw4yKrHPrztf8O6cDVj8W292mlF0DXeVjfvtBy0FWl5Te36yW63Q34o/T3tx8a3w5JIAK6iXkTLVRUkeLHI6oZViNF406PRy0QK93o2VbEIIJu3ne6f8t1NtffHaMLlO4imw0XnI0jQp+rZv6LKF0SLC41Sb/z+B5YZpbgzO1bpG1b73bQIX/VumjWjrTNVL916zAa/qHcxcqcsOSswZCz6Om5qPEbtCgQ5Hhm7tGEou+wgtqCQNqQOtaam2rxC~4408628~3359300; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:39 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--u949329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 028c0b3132cc9ed00d6a0c359fd2fd9a
c3704fef138185804add98aa827bf6e588d1b206
889ff7788d7aeec632515a909e6d017caf1cd281ada2024081f7cc8c2c4aeb22
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Content-Length: 648
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=; utag_main=v_id:01870bfc62a3000d6bc98d8d2f4200050003700900918$_sn:1$_se:2$_ss:0$_st:1679535103506$ses_id:1679533302436%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQJbJu0rgA%2FE8CmqhQa%2FofYNdtq33R6myFo%2FvX6JhKY%3D%22%2C%22_s%22%3A%22Rht6bNA8%22%2C%22c%22%3A%22elBTM3dLY2FHVEp2YjVtOQ%3D%3Dzn28gX-f42CMpBOxjDP7JGohCskFwh1DfAdYgpRybimiA6t55G6ZSa3lltplcCyyzu8-VN3AV3wJm8ks1mu1dGkl8mmP8FNVsno%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AfOkG2QAAAAAcspZTWCXtdubBQho803f%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C58283159630398234782483752604549179140%7CMCAAMLH-1680138103%7C6%7CMCAAMB-1680138103%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C355126734%7CMCOPTOUT-1679540503s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!S5IPGNP7v6n7Z23z2xKqB3cO2dndHsy8Bsob2DzFYmo/dNGy7n7D7KleDF8GiCnPn76fO8sD9xn9ik0=; _cls_v=e6d01060-32ae-4590-8c67-79f137c4f807; _cls_s=09dce672-2ab1-4602-969f-9af1b8fcf05c:0; _gcl_au=1.1.112035001.1679533305; _ga=GA1.2.400773354.1679533305; _gid=GA1.2.1708435637.1679533305; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoib0grczF5dzNmNmJESHJwdXpXak9hQT09IiwiZSI6Inl0N3FqNHpCZlVPUktpdDJWdWJnYlRVQ1JKaFhGa3A3c0VpVEZSd1BCaHpSVGhHN09zdW5FVVdtclR6dCt3d0tuY2RrNGVQNG9nZzdlWk9JN3pJQTJcL2s3UkFUeWRQNTh4cHVBbHI5TjBMSnVpNWZTWHJDSndLZHg0VXoxVDNLNHVwMnBxZkVLdFRZMGdTakpDWGtUNkE9PSJ9.a069c9eba63e03c4.Zjc4MzViZDRjNjIyOTAzNDdhMzMzYTZhMDk4MWI4NDNjM2ZlMjA1MGNjYzBkMzk0Y2JkOWYwYmJjZWMyYTY3MQ%3D%3D; ndsid=ndsa5glhgr5dlc3lfkerk86; ADRUM_BTa=R:27|g:fbe8599e-167a-4da1-bd4e-2b1e90a7b162|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:64; _imp_di_pc_=AfOkG2QAAAAAcspZTWCXtdubBQho803f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:39 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=PxffzSojHXiP%2fbVV0Vh5xBdemyBznRtj2UmEYk3H3Yw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 01:16:39 GMT;Httponly; Secure
_abck=1629F5DF703BD9FAFE1ACCC794F5ABF1~-1~YAAQlNAXArW3cOOGAQAA+1j8CwniiyGqkoPgsqSh117qyN427DChkHJgXLujZk9m/l9/tZu8S5ZBaK/uVvhf3nYvhYrqLnlR6AU4xAA3T1rgQbSXCleSK89AeccxSNAbMnzwroEXSPrtBSEy/tne6hJGiNLaUzD7CKWSWYbdr7k3Zoq1dGe5KlJNP+UdH/K5fe4ZGKFQat5vFIQfiig/g0GIwO+BxCTQjKs6+irBZCHUy1XGD+Oy+h091hbtsSyAxgGPL2PHFJVTsDfTOcUeF1/ih/GP6GIDZ7hKFs7kv8UZKLU5q2s3sUxebGGUJVbp05+ymGp0iSwAkbNEJRJ0isM8ZuMkWIiqEWzoQGOfRMjB4mOwUTPTqM0yNco/lXWOOQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:39 GMT; Max-Age=31536000; Secure
bm_sz=AD835E13B03901AA3DACC10B45624C79~YAAQlNAXAra3cOOGAQAA+1j8CxOlIMmkYKkZxkE3bUy9SoJ0rz24EQB4KUUnf8ogIW8ebjQhs1OhXHVKGl1nRn3gs4wAUFe1vskZz7CscuNSVVHqYDutxKZfWkc7A78ScEByPmhRC4Yj7UVb/T+5pnLEJJZ5bwNi0FqphZtwm9neSULrowTRXy2OFPlW7Z+5mqIsgk9aT6gvdrnLsA6RGucn9Lw+yfV3nlFZNhPTg6crfsX5GNPOkSOY6LZyx+5u9vgZPiiZq4hBsGyNBdOzSrOB0NDi7xurE2RJEES3GPodYV6N5Tt7~4539447~3290680; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:39 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4f3_kf173_4979-37251
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 13690
Origin: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 01:01:38 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:025dd018-5686-4204-9d43-fe880467e598; Path=/; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Max-Age=30
ADRUM_BTa=R:55|g:025dd018-5686-4204-9d43-fe880467e598|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:8; Path=/; Expires=Thu, 23-Mar-2023 01:02:08 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
200 OK 0 B URL HTTP/1.1 www--wellsfargo--com--u949329d48d6c.wsipv6.com/T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA
IP
ASN #54994 QUANTILNETWORKS
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /T74aG3/v/Z/0wqlYKpXVdy3/3JiOkQfLEuru3k/YXVAWAE/Pk/gzGlkBTVA HTTP/1.1
Host: www--wellsfargo--com--u949329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:8fbcc309-f33b-4f35-837f-774baee41b13|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:87; ISD_WWWAF_COOKIE=!PfabRqFwCStWTcMeavdtAshNKc8KkV2bMMp/mMTLHkBGFmIsbcBemGQoq1AX/+gmeAhZnvnB4pS/vAY=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 01:01:35 GMT
Content-Type: application/javascript
Content-Length: 77202
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f83f52a3ef01a4360a0e01885cd652ba71d4fd946ffa69f745cc1afcfe428d60
Last-Modified: Wed, 01 Mar 2023 16:38:10 GMT
ETag: "25d60855d8ebee1f1b5f138f7ed5003d81ad4b67f05e591c270a2ce360c66069"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=NbSYcaeKSZclMuE9f44FTg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=771D213551ADA4F5B592380BB0764013~-1~YAAQlNAXAuO2cOOGAQAAAEb8CwkSSIhE6ZRXUWikd0Py8zvJRcAWBcOl6XRUKeTIWh/V7KTKhq6ie2MZgnyRiuvyjLFx/YNMKtPYgxddrtooRjDUOa8s4tJsreycJRPPzOHjljnonBCnkrebA//kxdNOVukCZNtYm5h3/I5wqUA1NDGIYbXQiDDQiF52EkAo1rWMtUKShuJ+s0jup5oEGW3mNCE2Z6+9n1rLYSb4c0k+owYkc5qMgT0htbXv4qRe3OP5HbAO7FGuEqVyZy75evciwKFtqOjhFbjl45GndSTiv5hYAjNFbqLp9RHdnv0ZRW7ksna1FO8LXlsqorc6aVw31Xuw5DGUfmmZNPgW9A7dHl/pl00MLowQV8djYeQkbg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Fri, 22 Mar 2024 01:01:35 GMT; Max-Age=31536000; Secure
bm_sz=0A4E9405433EF4A5DF524FE1427E365E~YAAQlNAXAuS2cOOGAQAAAEb8CxOCd53RJP+4MrlGAhjHbQV7FfJnpDcXcBJ79GXvZt44X2PIQhSGoVm8BAW4fRac2/sZjYPSZdcUD074X6DrgMGV60yuzCkOFpBWT2uWLDhAlS5rGJ2H27XhGkSlnSLmeeg99QWEUkuBXfkm8KAsQ1S+2R6KyDC93RZcW3e39PSDfrcMcD6R7FPPo0gAYfsoDjtavczv5WNWINxNdPpOj4PfqKDLf057B1bpc9eXzINRqnaij85bTRRvMPxg5YHex6ua9NjfWTFIEX0v/xnMvy9o083P~3749174~3291449; Domain=.wellsfargo.com; Path=/; Expires=Thu, 23 Mar 2023 05:01:35 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 641ba4ef_kf173_5273-30728
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--u949329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 01:01:37 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
163.171.132.220
34.248.151.155
142.250.74.162
47.246.44.225
23.36.79.27
157.240.200.35
0.0.0.0