detectportal.firefox.com/success.txt?ipv4
200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 28 Jan 2023 15:57:35 GMT
Age: 59931
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5eb7c9bc996a0ff420e58af45526f053
8c2614832b8efe1c9da0bbd465d6f3f172d95a9e
c085cf277dd0429fe15e4a4bce5595636e9f2204d5a8e77220f8bf88adf4068f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C085CF277DD0429FE15E4A4BCE5595636E9F2204D5A8E77220F8BF88ADF4068F"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9323
Expires: Sun, 29 Jan 2023 11:11:50 GMT
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a53f88060f412c377262e83c56df5ad4
b3f9c4fa3af3fcd577584fa8ade7e11ee061e902
29bdb5d242ef08e4eccd210f50943062facba308efb76bc597c76cb282e8787c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "29BDB5D242EF08E4ECCD210F50943062FACBA308EFB76BC597C76CB282E8787C"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17689
Expires: Sun, 29 Jan 2023 13:31:16 GMT
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
200 OK 45 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 7063c4bae04904b2d1f77ceaf1c59bb0
f9c77cf168da112112a782eed490849fdcb05d8b
969dd8795dd2318415d4ca6b7281b28f853f368f6ec4b8484492c9bb5514904c
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: lOb9307rK1UfWDco62yNuQUEjdt4YthknZlagpqmQA3OkSdFwTd9xw==
content-encoding: gzip
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 08:30:23 GMT
age: 364
content-type: application/json
content-length: 45390
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7430
Expires: Sun, 29 Jan 2023 10:40:17 GMT
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: C6N5JdsQlkq4BNoqXIhlsed6b6ErJUdrehzS1fbMILKpN+bebBtln5XAZNsf8W0yxOwbGIc5XYSLfrJ+PUcM6w==
x-amz-request-id: FYSY1PGQXCN1M3EK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 07:43:19 GMT
age: 3188
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3817
Expires: Sun, 29 Jan 2023 09:40:04 GMT
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 07:43:08 GMT
content-type: application/json
age: 3199
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 08:36:27 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.dcocsp.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3ca6985fdd5f6b17bef949ea0d58fdbe
6fbeebf0b6ac3c89432993cf12fedf8857df672b
3f80e9e359c4dfa2a739307efe439843113312d3729208dd017a23b73babc06f
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sun, 29 Jan 2023 08:07:08 GMT
Ali-Swift-Global-Savetime: 1674979628
Via: cache21.l2de2[0,0,200-0,H], cache2.l2de2[1,0], cache3.se1[0,-1,200-0,H], cache3.se1[1,0]
Age: 1759
X-Cache: HIT TCP_MEM_HIT dirn:11:329290519
X-Swift-SaveTime: Sun, 29 Jan 2023 08:25:24 GMT
X-Swift-CacheTime: 2504
Timing-Allow-Origin: *
EagleId: 2ff62c9716749813873212471e
detectportal.firefox.com/success.txt?ipv4
200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 28 Jan 2023 15:57:35 GMT
Age: 59932
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
ocsp.digicert.com/
200 OK 471 B IP
Hash 536be15a8a98cfcd7af6fb6c2fa38213
151d41462a044ca0dbf3595652092a93eca5c06b
9449c06f4398aa60a6deadea4c32907cebb22d86de0612980434f353ced34533
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4916
Cache-Control: max-age=124851
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:27 GMT
Etag: "63d5618a-1d7"
Expires: Mon, 30 Jan 2023 19:17:18 GMT
Last-Modified: Sat, 28 Jan 2023 17:55:22 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 07:49:04 GMT
age: 2843
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2645
Expires: Sun, 29 Jan 2023 09:20:32 GMT
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
IP
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 80b4216fa7e3bbcb508e1e7dd247282c
6105eb46df253f3724c380c8fc0143d31f9bc5df
c0c9bcbc873ee1fdaeadae0201b6d72e3185510add3e0ef47b46fabe92903815
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET / HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 18758
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-da1e7ba8-9a25-48ff-8e13-0d6b92df9b75' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 22612 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c; Expires=Sun, 29-Jan-2023 08:36:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 29-Jan-2023 08:36:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 29-Jan-2023 08:36:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sun, 29-Jan-2023 08:36:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:82; Expires=Sun, 29-Jan-2023 08:36:57 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202301290036271106803632; domain=.wellsfargo.com; path=/; expires=26 Jan 2033 08:36:27 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; path=/; Httponly; Secure
WesdAksn=A72sq_yFAQAAhSume-_7EMQAZZ082vG8NqAjRfz2MAMHOEKE3j264piAHB2tAaOrg2CcuDv8wH8AAEB3AAAAAA|1|0|f8a5928c3a9474fdc43a9c1e73704f9b281845af; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=5yzgO+pMeTqGi+S0rFy3tawK%2fspQ0hQKgywuhwoDIkHoVsBat7Js0huZ6KG6ChdL; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:27 GMT;Httponly; Secure
_abck=D1AB5E47F14B8BCF38C9303483849204~-1~YAAQHWgRYNOn6/eFAQAA562r/Ak0nGBzZeQFXO5/CjY8YNgBYc/5WloSUW0I8OOz+aXAY7jSACzKZjV305ViMi4BgqIoxoUQroboHDDIOecGjqpMZUrTeTh6ZZcOJ//okSmLkliabPobICIdw2Kly6FsDG25HJLk/VUObecdkvOFhhnq1clgele5LUZ8ExSuib1GSP8n/j+Znqz75SNku1Nly+Gnwu+vBkLzH0zucTXukZXZIC3D3o4j/KXdOxjQiwyBwuB3bN/XThoJw10gJ2R2oF3hsfrj0vcJzQX5IUUPsBj6M6GIdRjV4wkRXagQvOefIGveJ+iH143J9gsy18fy1CeGc3X2uECrcErH+f34EwnbdT4kroB9jrLunVrWOQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:27 GMT; Max-Age=31536000; Secure
bm_sz=83D408178A4D968FA0DD8E5F2D3E4FD6~YAAQHWgRYNSn6/eFAQAA562r/BLo8wJHKAEQ71DY71fRk4qDdrb+ftqctXiLIbFv2tyApUm5kzRztqrMDKDvrBhyyEzyzoWHmyfcM020n5CANIZqAbzXkdDM8rZFaxF5PdbUv8UUAUqj9Xk45RJpiXpgRw9Gn1vUPTsCjRffPExD5OuauDfCOrTuAfxEBCx06xmwsr4WALesAIgxD+xDmtx5vSQ6BWh3PH7CfQGf/alyIsRPnPJSlvIc+l1GXqfxT2lQRTtqlWLUYBIs85kEZ3hUOa4ZB5+GyKghmk0zhJtwwyVV48SU~4340018~3552051; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:27 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300b_bl22_20337-12006
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sun, 29 Jan 2023 08:36:27 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=1466863
expires: Wed, 15 Feb 2023 08:04:10 GMT
date: Sun, 29 Jan 2023 08:36:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=1532514
expires: Thu, 16 Feb 2023 02:18:21 GMT
date: Sun, 29 Jan 2023 08:36:27 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=1603373
expires: Thu, 16 Feb 2023 21:59:20 GMT
date: Sun, 29 Jan 2023 08:36:27 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 2ab939d7526a8266218f77d9dbd76e54
20aaf3b998f98d720e7374bf337155ad50f88e85
ef9f2ce9c5fc66ec08d01f71dabab11e1db90a4568b9737eb3ae24b816074fa3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5524
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:27 GMT
Last-Modified: Sun, 29 Jan 2023 07:04:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 2ab939d7526a8266218f77d9dbd76e54
20aaf3b998f98d720e7374bf337155ad50f88e85
ef9f2ce9c5fc66ec08d01f71dabab11e1db90a4568b9737eb3ae24b816074fa3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4108
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:27 GMT
Last-Modified: Sun, 29 Jan 2023 07:27:59 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Yu67y811tnOWUb9jmbh+jQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
200 OK 11 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (31790)
Hash 6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Sun, 29 Jan 2023 08:36:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Gz94%2fSH9vvqL+F5YSriDGg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
200 OK 57 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 55cf5abb917b734f8783436c20210ab0
83005f65ae0fb0cd0bd2576a330c8a4b9ddbb9fa
7e1678f1d42ace98528997082d53caedc0b14848feee15137bd786c3ba1bc012
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57254
Connection: keep-alive
Expires: Sun, 29 Jan 2023 09:06:27 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: W/"6398ae8a-2b63b"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 bl21:7 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300b_bl22_20685-2092
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
200 OK 18 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (31326), with NEL line terminators
Hash 3c62755a932398b8a5d7d8cde9413fb3
8e0c91ea864ec3f0ff9385d6ddc6eb2c0987f8d4
980ef0d6507b3822543dff672ffcb8f9a51930638d23f417daaea928695881ae
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:27 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17856
Connection: keep-alive
Expires: Sun, 29 Jan 2023 09:06:27 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-d8e9"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 bl22:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300b_bl22_20723-59083
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
200 OK 76 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
IP
ASN #54994 QUANTILNETWORKS
Hash 222851cd0c5cd8989e4b3806fbcff1fc
d00bc04b026070707ac1ab8500e947e915b91b68
d62d83f97f6801bbcfae25869d65d6bac7ae5ef1ed405c0ae6cccc0210e59d66
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:27 GMT
Content-Type: application/javascript
Content-Length: 75465
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 18:21:49 GMT
ETag: "fb4318c43422d46079682cfdd37a3c8e4ee1cc4ec2e24902dfdb845bec7855e1"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xiiNc44lk4vdWNmFxdGuVw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=BC2512E057FA9B7B6B39D1002571F924~-1~YAAQHWgRYN2n6/eFAQAA0q6r/Alq9eeh/RBXJYFR8JyzdZe11b4KzdkBn3tWPs54jAnvUB2CqMTijXhUQ8TX5DyNOFTOt7hIxecyGQciGBp7RvzQV1imGXimjUkt604SQvSZynX0uUdMexp0Gvdfz0LwFKV//sHrrsMIX7BojkC2Za5PpTcpVJionYchYbU8xpA9Em6g46mIavHzcVgk3gjM+dcKjRNFHtc3vE66sOoZ2gFw9tpPg2l/4NH9zxRO9ArODnxERMMoR2PT8GoheSEfnAFNy4IO2kw9aG5Z6gdnjHWnR1+PsqicNAbKF+L297JoqifcQ2ZaRdW14fQTbMuZEgSjmuKjkmvXEWikrXZcsS0t8COWeRagQL2qtV/w7g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:27 GMT; Max-Age=31536000; Secure
bm_sz=E7364958EBF4EB0E3119042E1717E4EB~YAAQHWgRYN6n6/eFAQAA0q6r/BI0clNZvBzeAeye2+SQYb6W/hLiMGt7GfLonphn/OFixpx8+/z78UxUbpgsyzXGvRILIVsa3sGk/NpeJVYxdp53/TR8wra77cLhMrcNevTonyMvBaIxMt6KVXn7pPkGgc+4Iwx7xe7paL3FlYSkjYOOhX+99E9W84iYHisa4ca/AQIZuWVxUzcrrLvpJ/qtJEM/SI8XM9inOeOBNpZHZ+1MYOIf7R9fdbTM2sXWo03NrWSS9DPGb+bhGGRfCjLDqe9k+ZmkZ8hXyr/j0fLZ22Q4ltUp~4340018~3552051; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:27 GMT; Max-Age=14400
X-Via: 1.1 bl22:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300b_bl22_20330-56612
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pRokk+fyHQOxYaUvjOkSrg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +KFZLLnKkcR9TOTdaaT4T8HeMaA=
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 5e0e56584ef1345090c5bf8d0b55043d
cebec7c7786089d066b245fbff28408da6e0f96f
b586f78d071de809a463e655b1f3a012578bf4acd25b1d5fcd9d9592df2677b6
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:28 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4279
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 29 Jan 2023 08:36:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A8Wuq_yFAQAAfX1bIqd4KkcFhgE2DhPzs1TbFoFztJXRd9Qt4xzBjXAwMnL1AaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|50e7115d52986ec9f3c67231fc8f1c45ea037372; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=Q9bllN9So8j404v+98cRFuCkY3eu2qJVypkI68ATMUSCjoRHFdggMmqc0QsapZKq; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:27 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300b_bl22_20337-12051
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=3181400
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10719954
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10719958
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10563131
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10719943
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674961030832%22
200 OK 21 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674961030832%22
IP
File type JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Hash 8d6a73f64d1c131f0890f5d2e510e681
d7fbdcfb84d496717feff4c00b4bd961729f6f26
5ec97403e02d0b8d62181f332acc7fc31bb766c6adfc1fa8f5eeb2b6b47404d2
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221674961030832%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Sun, 29 Jan 2023 08:02:20 GMT
age: 2048
last-modified: Sun, 29 Jan 2023 02:57:10 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/hp/utag.js
200 OK 55 kB URL HTTP/1.1 static.wellsfargo.com/tracking/hp/utag.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (15181)
Hash 3696ebaee8a4dce7a09695dd80b3aef8
0dabf76fc893ffa3d29ba90d81cc03708b798431
0987f794748b29c49ec899c0d7599f225ce1252f243ab35d168a8d853b1aceae
GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 07:23:58 GMT
Vary: Accept-Encoding
ETag: W/"63cf878e-322c5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54818
Date: Sun, 29 Jan 2023 08:36:28 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9F43JdgQ1Qw+iu%2fuCU6m%2fQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674931041829&_since=%221666204638208%22
200 OK 21 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674931041829&_since=%221666204638208%22
IP
File type JSON data\012- , ASCII text, with very long lines (21040), with no line terminators
Hash d581f134affe0913454e30c03b2fb78a
4b1f93dd98b82b14aad69bed09048336054c45aa
63e7a9e6cd9afc6090b932b74b5d08495e3ff6f9c19354a8d5732f785787fc6b
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674931041829&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21040
via: 1.1 google
date: Sun, 29 Jan 2023 08:08:53 GMT
age: 1655
last-modified: Sat, 28 Jan 2023 18:37:21 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: eiIeQYeJ60RaZGTyHlR6wHHBaKrqEdgc36HF7W7H5gNU0i9P4dXzflHhHNYaf2CmfviXkHjIGJU=
x-amz-request-id: FKB9ETKSGTBC0SW1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 08:21:19 GMT
age: 909
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 08:35:36 GMT
content-type: application/json
age: 52
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2435
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 29 Jan 2023 08:36:28 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1kdXybFhmMRue5eLnqkeog%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=1kdXybFhmMRue5eLnqkeog%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=5A241598CB729366E34E2EC89D850BB7~-1~YAAQHWgRYBGo6/eFAQAAZ7Cr/AkhIXwEXtzIsCEo7Pfq5zBnIePn7hU0mlFi0tJDTxltN4izBggBaY3iOaS8u4xFdQ8U5wE/Q9ZkUCPYqCmeOlerxaIddnNIfRu2RCpO0xh2hbjnXb9KUkJmmuMiVoP1E13U18+jR+XI0pNPYR1rDOvLpVFgpcHTXzCy5vOHtxjzGgCmk+trNAGUgF6xAjndAqJUdbSnSQP9vrAaLN+ZsR2pLpRmzLR+4TG7MxvahItUZDl2+uxjb5DXW7duiaBEw6eZ7yORTroKHGoEUnE7vSOJAyL+Tus0Uykj5ZojQRt/wQ+TclV0qO1EuCW4vEdTQw+DuL1whdAKAmdAfkMULuCMhqFSKEvtJgPBls2vbg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:28 GMT; Max-Age=31536000; Secure
bm_sz=CB1CD27616CB07AD1116021240DC9E73~YAAQHWgRYBKo6/eFAQAAZ7Cr/BI/Mx5nW72PA6Hc08J+YlLPiuiI7V/vHjJbjdse8RIh0Nv+cHWnEAKz4kcgdYMz4BqT8xyGFx2omo6L2px4xPEQoug2DRgdWslbqVAMQYT1bg803YpPv1X1KI9LNGU9xFheM1D4rhXp/E9UqxdF18qq0o37wKcpJ4hbQang17KHRMVDhQ5qs9S61HTKqj/2uXN0PSBjKIXCbDBEsvyxu1fAQfo19Mj8SeHK3cZh8gP1hbUK93DlMmx24b9cSS/Ft4WAAhzalojOKQK+nk1PeeAStPYb~3487297~3621175; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:28 GMT; Max-Age=14400
X-Via: 1.1 bl22:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300c_bl22_20337-12109
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d09f36e361c76e50fbcdaac17347e73a
5fbed1dbeaa9bd3f804f89ae35fc20b324a09b87
9100edf350a0e51b0958a3a2b8af9f3aad8b2033ab685a2b4453d510921750ea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9100EDF350A0E51B0958A3A2B8AF9F3AAD8B2033AB685A2B4453D510921750EA"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17976
Expires: Sun, 29 Jan 2023 13:36:04 GMT
Date: Sun, 29 Jan 2023 08:36:28 GMT
Connection: keep-alive
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
200 OK 306 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65356)
Size 306 kB (305866 bytes)
Hash 0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:28 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 29 Jan 2023 08:36:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=3e2EbTg19Yp5g6GKtPnoEaHq4YOiX9ULYABqXOsohnw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300c_bl22_20685-2113
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
200 OK 807 kB URL HTTP/2 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
Size 807 kB (807180 bytes)
Hash 914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: eqaXtdOyxXu+k/C39UfpNG7DiCNWPjFMC32dK+Q1BlulymrlE7Zk2DqSltB3DFDPgUFmdnIj5Hg=
x-amz-request-id: R8H01851VPQQRPJY
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Tue, 24 Jan 2023 12:42:02 GMT
age: 417266
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
200 OK 935 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
File type JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Hash 3d63398bfcd270d3aff50d730b7fbf8e
95b217d19c323845ba9739f9e343ffd4a050dc2a
28be153e42646803b6aa62501fcb5262eea2812237655cec6be8b2a3ff4e7d0c
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Sun, 29 Jan 2023 07:53:19 GMT
age: 2589
last-modified: Sat, 28 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/target/offers/conversations
200 OK 2 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/target/offers/conversations
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:28 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-508b4741-eea6-4951-8807-a28603cbf073' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Set-Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:82; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d; Expires=Sun, 29-Jan-2023 08:36:58 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 29-Jan-2023 08:36:58 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 29-Jan-2023 08:36:58 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sun, 29-Jan-2023 08:36:58 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:78; Expires=Sun, 29-Jan-2023 08:36:58 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202301290036281281801984; domain=.wellsfargo.com; path=/; expires=26 Jan 2033 08:36:28 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=DAE5DB1834EA2A9E69AA4A6F0A974619; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=Xn2LqT8dGu2YCVXiqVploTIt9NMjRTdsvOds52VcXRpcW4rtu9qPO6N+NWTmqkhJ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:28 GMT;Httponly; Secure
_abck=04C3293DDF5F7E86AD570D89B2BB44BB~-1~YAAQHWgRYCGo6/eFAQAAEbGr/AmfjQit8MVDTZuslzxyCBUInOEBYfci0GT+xL7vDHsy6nuFg65dJxnGCtwk0OFeL02NXHT0Qv9d5KDe2ym0MwrRh2NlulXOECKSe2jwHj6S91Fhyv35AQNyb8FtnpLefOO/4oDU/4P4Kb+oUQD1byLzrQLEPtkjGtSCL/++eaMtPm8GfQdHAVM6OwkBuq6tgk15kVAh5MzgB9/UGCKfVeRxUWcr5Ox7ewpBogj5Rwv9O6hUVxDDyW+kwD8pdC7Luq4TacQi3tm0A2xKFU6EyM8KmW+DeFKdmrHGHhCdIrN7Bt4jOFF8+K/ByzbPxPrn9bdM3irCEK1BHGO72+8WNrS5BD+ZNj90H7uR2hAvWg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:28 GMT; Max-Age=31536000; Secure
bm_sz=601A9EAF65A1C2CDDCC42F8D39634F00~YAAQHWgRYCKo6/eFAQAAEbGr/BLTmuWBltUYlG2Aci39f+5O/a9EoPfnG6QXzvafpRjDJs4BQR13oOuioPKdUQZuoDUJWEux+kt6a9Qs68D6ntudARxZ0pZfSqrgOtAQvz8JM4O4LMYrFTjbevB14MOSyJMMGqGCDoRGXYogW+C4iYsZ5BJMVWL9akX5zjThKtSuCzQnOku/tg+lcQBFQ2Xdjm9YMrhZ5Z6ebGaW3oO2m/m9h4M2YVT7oIm0yjejmS1EuO99SdcmOp2ficJRZmfFXmcmKKaZptJVR2jF8ebUCyoSYpMF~3487297~3621175; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:28 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300c_bl22_20626-64431
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674858595598&_since=%221666279968541%22
200 OK 78 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674858595598&_since=%221666279968541%22
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash ee4eef8de43cf4a7c73ce43ba18c7ac5
7d666d6425e23d1d84ae8456fb9300e810d6b851
5617a76238713aa0896790d5336540b4e275bdf6a10fd4360559496a0e14a4c5
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674858595598&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 78157
via: 1.1 google
date: Sun, 29 Jan 2023 08:23:14 GMT
age: 794
last-modified: Fri, 27 Jan 2023 22:29:55 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22
200 OK 52 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22
IP
File type JSON data\012- , ASCII text, with very long lines (52267), with no line terminators
Hash 43fa3c33ef7e1368ef38013ab44077ec
70447b3d512f20511dec32ecad04b77a76a86b6f
bae20740abda87eb747664b2ec70fb29c5ff7899292685645d7ed2c609727391
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 52267
via: 1.1 google
date: Sun, 29 Jan 2023 08:36:09 GMT
age: 19
last-modified: Fri, 27 Jan 2023 17:46:06 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
200 OK 9.2 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=71331
expires: Mon, 30 Jan 2023 04:25:19 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=1547329
expires: Thu, 16 Feb 2023 06:25:17 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
File type JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Hash bf91148bc6bc52655c8e8138e8a0a4f4
919f632d0fa2021439aefb26804e6c811f077343
0b87aabbe04ee50ba0cdfdfd6710e761f3ede6ac42cc8faa1b136315529daabf
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Sun, 29 Jan 2023 08:04:35 GMT
age: 1913
last-modified: Fri, 27 Jan 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22
200 OK 18 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22
IP
File type JSON data\012- , ASCII text, with very long lines (17471), with no line terminators
Hash 6e2d33aecce57f200365d89f518caa2a
0226b86348839e3398809b8e542aa7daf6909ba6
1fa13b584b43bddc8fd2e1fc57676c930b50dea74726a9c2fc55e35dca77ebfd
GET /v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 17471
via: 1.1 google
date: Sun, 29 Jan 2023 08:05:32 GMT
age: 1856
last-modified: Thu, 26 Jan 2023 16:52:56 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
200 OK 2.1 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP
File type JSON data\012- , ASCII text, with very long lines (2144), with no line terminators
Hash 5081e6ce6effca1e5ba513b8ee475b1c
56b570761e64c997d2340e4697a1c0e1b06cc0e5
df3c6bd21705a779e7eace5f711efb8e0c91a77a0fd18288d12cf49507f944a2
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2144
via: 1.1 google
date: Sun, 29 Jan 2023 07:44:26 GMT
age: 3122
last-modified: Thu, 26 Jan 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
File type JSON data\012- , ASCII text, with very long lines (1743), with no line terminators
Hash ab262a9bb6f1280c3c36ed0ced90f3d5
e042e56c58964267c5ffada95c35cf17f9f844be
5a6ea549b05e1a0061529a1e08b3863a74f8ae84036353d6e24fac17583d689d
GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1743
via: 1.1 google
date: Sun, 29 Jan 2023 08:19:00 GMT
age: 1048
last-modified: Tue, 24 Jan 2023 21:17:28 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=1549211
expires: Thu, 16 Feb 2023 06:56:39 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=1550656
expires: Thu, 16 Feb 2023 07:20:44 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=1467578
expires: Wed, 15 Feb 2023 08:16:06 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=1581989
expires: Thu, 16 Feb 2023 16:02:57 GMT
date: Sun, 29 Jan 2023 08:36:28 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2352
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 29 Jan 2023 08:36:28 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yF7Mge7FrpdpKIcdaj6g4A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=yF7Mge7FrpdpKIcdaj6g4A%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=5E45111C68CAD388FE19A57A34150E9A~-1~YAAQHWgRYE6o6/eFAQAApLKr/AkOJPANX10piDR3KDmHUn3TbA3gBca8Zs5xBBMjTy4UVrJ8JR5SbpYZ+GHr4b+hgCBkJgXlsQHcWA+ITKWRMD6dCbb1j/6SjixYpkp39rmF4sPHMFbJef6eBD/hHrrZeovx1IDsFrtUc+LpeVN6qqTw+4C0sYyExPIcRnzwyX0AWyCYGNUnhwX248zxKb08KdVhoENHxK/ZOp/d60T+DKxk5W4PV26REIHnXsEGcNcSbCONcTlLINCuw4CR+ukN7xN1O36DedxSmY0nSqUKcxRCb43qTNhP4/BBO8nERZ47Tjvt2v8QXU2zr8G6Bq5HfrAc0Lzr++/oOvHB0TQCrLErUCYzGO32l0tjVZppRw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:28 GMT; Max-Age=31536000; Secure
bm_sz=F4103ADF7448B7F40B0F6D0DD8ED96F8~YAAQHWgRYE+o6/eFAQAApLKr/BKvuGb4rWlq5ZTWkfCErP/P0oE1zp9cESyeYoVIGZizgm+y5iAv5wTkEnPnMH+K+yP8NIz1cc996NtXKW618u00pPwA5eG5yMHsYtFQU0/8g5Ggb9Y1Y3CaqpY8W/icesaJXWDPOaYjlb6KmJEwAg/qxBtcfBH+9OyAWH9E9MsOeyO3rPSry3juh9X4hEK0/337cW8B9Y5CEW6k44lWMr92uMI/9H+K4r40b2WbC3ZIpOJ7kMzYQablbpMZ2e/wF8hxLXhOaEK7g0zux188wmvnmn3l~3487297~3621175; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:28 GMT; Max-Age=14400
X-Via: 1.1 bl22:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300c_bl22_20685-2192
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
200 OK 4.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
IP
File type JSON data\012- , ASCII text, with very long lines (4318), with no line terminators
Hash d2da10d4238679967f2f1b3c1b9b23c4
975faf29a2f3f3e7033760e2dbcfaedacdf10df0
06f2f6e989845778d3804554769b028d9d95378aafbeffd125c1f977a64b82d3
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 4318
via: 1.1 google
date: Sun, 29 Jan 2023 08:20:18 GMT
age: 971
last-modified: Tue, 24 Jan 2023 21:16:52 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
File type JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Hash 72383bcf75fd3f95b04c04f9b29e6f46
9af7454ba7e71364303c3b2fed36d96138acf802
145b07c9a17c643743a65915536b5c73e7a5bd00b689b1c411a32f3a56ff763d
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Sun, 29 Jan 2023 08:33:58 GMT
age: 151
last-modified: Tue, 24 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
200 OK 1.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
File type JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Hash 813d4e664d5e77312ff4d33db52751ed
fc198a56a45d8ee8594c067bd17ba4f30569201e
2051a6f05a4a12e0b4a2c0772ab9b7773bdd4ce903c95b9976a9cb1dd1666719
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Sun, 29 Jan 2023 07:43:44 GMT
age: 3165
last-modified: Tue, 24 Jan 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
200 OK 680 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
File type JSON data\012- , ASCII text, with very long lines (680), with no line terminators
Hash 3c2ab58934d4eb17ff9d1f19e23dd202
0fe30545b9b31860da6b7de765133774fc8677d9
86d6334b6a51c4ec01520e2b7d990bd1cbce3b8202d715e56b1017e2ea82e40c
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 680
via: 1.1 google
date: Sun, 29 Jan 2023 07:48:10 GMT
age: 2899
last-modified: Sat, 21 Jan 2023 16:36:52 GMT
etag: "1674319012896"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDDpfyFAQAA440OzkFx41nnzAcx8gvGm6fO8KfaVe4HRa1MvQ0ZUqfhwPuJ&X-G2Q3kxs3--z=q
200 OK 149 kB URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEDDpfyFAQAA440OzkFx41nnzAcx8gvGm6fO8KfaVe4HRa1MvQ0ZUqfhwPuJ&X-G2Q3kxs3--z=q
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (148758 bytes)
Hash d52a2558b378b9b1508fb296b5c8f96a
613262e90348c935d084442c9b6eb917ac241a26
272491f27e4a6ed4951da89f180302d77d75eaba4bbf71e472ec0a5273f304fb
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
GET /auth/login/static/js/general_alt.js?async&seed=AEDDpfyFAQAA440OzkFx41nnzAcx8gvGm6fO8KfaVe4HRa1MvQ0ZUqfhwPuJ&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:33e0f540-7e29-4bf4-9cfe-4744b6dc247c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:82; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:29 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 29 Jan 2023 08:36:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A76vq_yFAQAAUu1Rqqx0FxcH1zS5Uz-zcDZMwsEeucA9N4Wj42CoHvYBKhE1AaOrg1-cuDv8wH8AAEB3AAAAAA|1|0|ee8b160f0af419605e70f3c9533f0bbbe57ded09; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=GIhOyqGe+vKmqmbjaf8AZR6AuHAKVdjKEox1550m2K4%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:28 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl21:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300c_bl22_20330-56628
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14434
Expires: Sun, 29 Jan 2023 12:37:03 GMT
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14434
Expires: Sun, 29 Jan 2023 12:37:03 GMT
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14434
Expires: Sun, 29 Jan 2023 12:37:03 GMT
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14434
Expires: Sun, 29 Jan 2023 12:37:03 GMT
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14434
Expires: Sun, 29 Jan 2023 12:37:03 GMT
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167a00fc-5c65-46d1-816e-da9e473736e3.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167a00fc-5c65-46d1-816e-da9e473736e3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7433eb3123a1f9b14507c78e38e7b9
fef8b905b580999963758a56be9c3226697929a2
895298ddf6822e9f95e10fe17c1ade0b0782c3753e96eab8a3798df5ba969dbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F167a00fc-5c65-46d1-816e-da9e473736e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6518
x-amzn-requestid: 6e9c624a-2036-4161-ad9e-1c66068e3eb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPHz0HmsoAMFljA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf867e-011e1c43072a8dfa22af6e88;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:19:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q1ZzG8pFadpyekXKMIv_GJZ-_rPBBBvvfVXSXLbSQVLhPETx6Eomvw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:47 GMT
age: 38982
etag: "fef8b905b580999963758a56be9c3226697929a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c4a8e963936a8064dbd2bd3c67b905
8508727c97127c98b886833af28b3470306216c2
070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 5a5a883e-d7d4-4fc5-925a-3a95830c504e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVguyG7BIAMFm8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d214c4-390b59a32060e41203533c58;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 05:51:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ewSsCY4u9DwRtaj00U9JCim9tYeCgHRuIQFpdHm4ttI6L02-e44iDQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:11:24 GMT
age: 33905
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7f65e9-ca75-4ecb-ba7c-ae70877eaf01.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7f65e9-ca75-4ecb-ba7c-ae70877eaf01.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f73f114f8dc452fc0b16825570ad50c
6bb1b3db6c36e2c9d23b6cb7d1c8616eeec19575
23fd69e6ccdd2ce2b5d3d8b3f075a07cdb36efd663a4119b5dca22165e7b2090
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc7f65e9-ca75-4ecb-ba7c-ae70877eaf01.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10030
x-amzn-requestid: 0c6c82b5-f91b-4468-bb25-d87d4d7dedd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVAbgERRIAMFdcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1e116-7f17c79047447dff2de3ab67;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 02:10:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4C0fCJB3N9nw0xKQnlsRLx_VGA3shg394U3Tq4pxNMWgggZe93TLUA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:30:44 GMT
age: 43545
etag: "6bb1b3db6c36e2c9d23b6cb7d1c8616eeec19575"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 54033
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 11540
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 14:57:16 GMT
age: 63553
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /f1GHGKQhF8bqq/610maFUBb/NMd1Y/buwat8th/PW02AQ/MhRA/RidCels HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2917
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 29 Jan 2023 08:36:29 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pwxoFIOCc3cqqbIeVCZEzg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=pwxoFIOCc3cqqbIeVCZEzg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=04BED84F266FCD6EFAA35E3A5A9B1275~-1~YAAQHWgRYHqo6/eFAQAAeLSr/Aly+QlOsjlmZlkDG7xyNrVPFmysVlizSgnGAXs4G0JecpN294EXeH8XBahH9QcrweUVOIGMBV9e121lK/kENWdfPwsBMDns6g9vXWh6rxwkV6Jn9QobWyG9rU4Y9xzw1ac/KMiPQ+OYpALpipZxxhSs3N3HrW6lPqVrsgqILeQb2eWm+aKcSATfS26DgaqRUU8NnGEnL0pK7NMvf1qIif17BN9dPJejahvovA1utJ8pRrUCaSzklpeO7g6jGDLjBNfFITcIViGydEa++CYbrhRACfSk5JTExaHJiEFD2klshDMzDT7OZogeWb/46ZWWRWoxMUm3fSFrGCLOnm/31smMdT1CX4BsoYL7P7MsHg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:29 GMT; Max-Age=31536000; Secure
bm_sz=173487441FE2C9FB0D12B3BA19BA8808~YAAQHWgRYHuo6/eFAQAAeLSr/BLnGL9Ox/ewqyQ6Ubrj1aITcBds/wtrQftP5X6A3jGVA4EwiIw87bDVfbb2trqGsmippcbEbfh/R0SuAwqI4lY8DkSxloBJ8JCsG/9wHySDeZAAYv9pnbns4KRj8qcEOsNz3X38IBJR3Mjqjp0E8IoxLV+Iae8yXVuMLEvhndHQ19JHxHAZAlEg+CUBZIBj38g7viKOblpkm8G51b32/VUcCevi7mufshRVD5moih1ObdLpBZw8qLVBaDrQ1ZgpPQXe9+eVLl3tYoBJSXp43SSNjqvy~3749681~3487811; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:29 GMT; Max-Age=14400
X-Via: 1.1 bl22:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300d_bl22_20685-2234
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=1435762
expires: Tue, 14 Feb 2023 23:25:51 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1646140
expires: Fri, 17 Feb 2023 09:52:09 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1553618
expires: Thu, 16 Feb 2023 08:10:07 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=1532381
expires: Thu, 16 Feb 2023 02:16:10 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20cf7cbf9f523ea23270f0140672e57d
61c40fed4a85b0ff069f6361f87ee77ff4207c2d
9d7f1fe0833268a6a9468b9fc19436ffe00b8596c67131b09361467deaed1b76
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-12d2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 1344
content-type: image/webp
cache-control: private, no-transform, max-age=1005206
expires: Thu, 09 Feb 2023 23:49:55 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
200 OK 562 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash dffe59af45e3b6e5d78ffcb4a1a5386a
f273b4eded463939c9a9ec7944a892d2a3921ed2
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-769"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1576344
expires: Thu, 16 Feb 2023 14:28:53 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
200 OK 52 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 67a063a06589a4e40465cffe34adf460
83bd779eab37f708db097c28d9eb4295c3ebdc13
e037cf255bed27ebd83c682b368532fc925848a9ff0e42d97132ac995e43bbdf
GET /assets/images/contextual/responsive/lpromo/wfi_ph_g_1199830824_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a7e46d-172e2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 51474
content-type: image/webp
cache-control: private, no-transform, max-age=1549112
expires: Thu, 16 Feb 2023 06:55:01 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
200 OK 24 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 51ee4423bd7473f82847570bb6f10f88
5665cca6ad63f3cf35b07de9f3534c8e94cfe698
79117776265cb8f5638233611d20d12eb5af668b2b7a0228eaa6d15d190e6890
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6350582a-e73f"
last-modified: Tue, 01 Nov 2022 15:13:52 GMT
server: Akamai Image Manager
content-length: 23618
content-type: image/webp
cache-control: private, no-transform, max-age=1776067
expires: Sat, 18 Feb 2023 21:57:36 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 338cfc728ba1dbb6840c74558c5b9d9e
16d3653d467c5e8f80600b924a91fc19d3bf416f
dcc2606ff287abd984b9e619a55adb02716c387721e5482b604503b0602e3cd0
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "635162e0-ce5a"
last-modified: Mon, 31 Oct 2022 17:02:20 GMT
server: Akamai Image Manager
x-serial: 60
x-check-cacheable: YES
content-length: 22174
content-type: image/webp
cache-control: private, no-transform, max-age=1844757
expires: Sun, 19 Feb 2023 17:02:26 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
200 OK 37 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 610cca644e5b3cff3d2aa622756a5262
21d77bf774d09ef0d2aadd12e9b554bdcfabf685
9c48183f44abcf70ba1c5752a29e2e3fbb314ed363d918ee00f4977f70dcac3e
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505814-e902"
last-modified: Tue, 01 Nov 2022 15:12:20 GMT
server: Akamai Image Manager
content-length: 36638
content-type: image/webp
cache-control: private, no-transform, max-age=1750163
expires: Sat, 18 Feb 2023 14:45:52 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=2451725
expires: Sun, 26 Feb 2023 17:38:34 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1704319
expires: Sat, 18 Feb 2023 02:01:48 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=1544704
expires: Thu, 16 Feb 2023 05:41:33 GMT
date: Sun, 29 Jan 2023 08:36:29 GMT
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
200 OK 569 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
ASN #20940 Akamai International B.V.
Hash 33fbe3a2d69cddef6e4a946096d516c6
5dc02187efd63f59e7747024016774a9ae4046bf
5afe00e1770197f51923e187f09f529db01f0ad8a3f245b2e9b571446e364fe8
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 569
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=tgFAP7Lo89D8WozUjKjutBTbQuwZkRSQnVg9yJo4Wpc%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=0RmzRr1sriq8qoHrYD5Jsw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
200 OK 23 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1f394d5e622516de8455a0adad3ec3a4
6ea419e3813723cbe7bb8e2b1a55007c27de2cf5
f5e90651778c28c44a8527a67cf1e6ca98e3f444079e453f4005558e66437e2c
GET /accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23136
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-5a60"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pHYCipy6Vq3bI+EcZjKy3Q%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1524d2feddb5b31daa9fe7c4fcb562b1
45717724083119d92a3e2e5e7b65724ae0333b84
ddb56ac96f135f1dc6eede90348813730b1a2744bdd3e5f20443dbc6010820a0
GET /accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=7fku0t5KF7nAtixkk6qXtA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
200 OK 152 kB URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 152 kB (151950 bytes)
Hash 2f03e20abea7675d382901d0eb862e47
00c4263e9986375130a0931f7b1a66401efa837d
3f7be6dec2340819217f5a881eee28e914cc60a07693ce53ffe1728aaa486fe4
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63d032c6-172f"
Last-Modified: Tue, 24 Jan 2023 19:34:30 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 29 Jan 2023 08:36:29 GMT
Content-Length: 151950
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A6i1q_yFAQAAvrXz-6IkdeSks9GXuJQnnKigcRYZkvlnjWCPBX61fC3YeElTAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|53d6f10d2720adc01771838fa9084c62d8d1043c; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=w3+9gAozJDMPFlsK8K1HvNaJBa+VNIfCWwYTWNRsqH0kGfO0VOL2tNInGgnAR1ut; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.digicert.com/
200 OK 471 B IP
Hash d234f496b541c096e00e63c80d7a62ad
e4e37fe3bc81161b93d2494e5ef826896d8248e7
a39b69a3d3f963e2be2085e3f3ca24f25bbf7e21a672d45a038ab2daa091ece4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5888
Cache-Control: max-age=169713
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:29 GMT
Etag: "63d60cfe-1d7"
Expires: Tue, 31 Jan 2023 07:45:02 GMT
Last-Modified: Sun, 29 Jan 2023 06:06:54 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
200 OK 178 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 0f6481c3733db5276027a14d5b5dcffc
3118a59186b0955f2be74c5b86f635cf13559f5a
5326ab471af2728191e5595ab21a2d5e6342b22e2abf3e25f635ca2d030c967a
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------254245302526401960742257338978
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Content-Length: 171
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 178
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
X-Akamai-Transformed: 9 175 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1pSqqoPsu%2fNKDNsHjauwtBRtglV07ybtAFo0fNy%2f0Zbh7r0OL+Bof2AtRd4iSAvC; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:29 GMT;Httponly; Secure
_abck=42FD31641A2B24BEDE7D5534E20DBF0E~-1~YAAQHWgRYKmo6/eFAQAAgrar/AkePNeDWMlAslUeELQsGHdYWRCmUQj1L/ksyMUVvNPaZpp2X4cA5AbwX/CTz7A3sjSSi7ytC3BYJATzSE/8OSrUElQosTvc79DXmB6I5iTdTWAH59FrCTYzikcwUoR94LfL4yj4Qj6w4TwitJ08VPa8tX3DpTiC+BYWDeLNF71Q398PIv5o9Bz5F51+5PWnONz0K++7fPtXeYWkAD6atLfU8P8MhvAbR9B+Ae9lMJJllJ4w8Elp2PxjkNIUrvHOVYojTFLTPcOUueKLGa6WVc3DXGg40JptKqrUKXiPa2bywhuBJhdKA/oqXOZqbMYTwxnklePICKVbD5jQ7+vGkvI1NmLvqdRo1P8q7LHT5w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:29 GMT; Max-Age=31536000; Secure
bm_sz=217911CBDB7CD6A1F8DF2408453BA6E7~YAAQHWgRYKqo6/eFAQAAgrar/BJqBT10C5aiQOi6rAeBlRRjgYEYToeJfGgGV1iR64Wcj9/C/ERkr7/w5P5CqMEDygrjhVjYd6dY2fTG5LGvdG0qQibQMheJEi/r/Hy/i8rhp/x8OdZp/b2kfBS9t7dx8zbMIIif+tCdMrOin2XJEVAH5lrZA9BbeZZERZ5Lw3G2TIUmrEve/0UYl9J8Jb25qYTofTRhBreze2Zr+VFKNyhFb1N1v3Sn8PewB3xqyj7WHzSoGete1pdZCp68+W8Rg2X/0CeH4mgd+uEZZG1tsfxFAPyD~3749681~3487811; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:29 GMT; Max-Age=14400
X-Via: 1.1 bl21:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300d_bl22_20685-2272
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1674981396295
200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1674981396295
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 20084a7cbb5fd2c196119350eb42ad4f
a23935aa33713df9b95064ca24e816111230e3ec
42b85ef5d2fd4dd6de37925b8be0d336ecbdf657977006b5c4463e5c7f8a33b8
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1674981396295 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0687cfe76.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=06793482361982985033544102455980655261; Max-Age=15552000; Expires=Fri, 28 Jul 2023 08:36:29 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: NmOcOtn+TSs=
Content-Length: 320
Connection: keep-alive
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Vte5%2f7pUj8Kry9NAjhQhIQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
200 OK 3.6 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7300), with no line terminators
Hash 529a7c0a23255dcba4b28d93223b1baa
d42dccc998c4ef14ccd29ac23dad922646aff36f
efe09028974baf21caabbc06eceea0e8b01d1efd9102f7985743241f6cc8abb2
GET /accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3646
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=FTXMf76vN6AbcKcGFojreF9%2fxqzxcMT4RsQUIyT18gI%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=06756965873028448203540435689102604430&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202301290036271106803632%011&ts=1674981396613
200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=06756965873028448203540435689102604430&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202301290036271106803632%011&ts=1674981396613
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash f7bf2ee5a9b068f57e80bbb366d78440
a0ccc3895d0dccf8413f508d02ff37be9e9c9672
ee4790da60165e2c41363b6eea17ac057fc721b28524325a1cc2cf99ac3e35a1
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=06756965873028448203540435689102604430&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202301290036271106803632%011&ts=1674981396613 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f822ad5b.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=19139199662328585653887026407023127617; Max-Age=15552000; Expires=Fri, 28 Jul 2023 08:36:30 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: C1a09b+rTlY=
Content-Length: 320
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash 8ef1dbe04ff3834735b0659e7ae82c62
56d86283c8861f679162e92c70bbea59f819b8dc
a41623bee3b144f94362b7351bf88236e4291f113068361be33209f550fb3373
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 01:42:55 GMT
Expires: Sun, 05 Feb 2023 01:42:54 GMT
Etag: "56d86283c8861f679162e92c70bbea59f819b8dc"
Cache-Control: max-age=579383,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7910a3f74a75b4f9-OSL
api.rlcdn.com/api/identity/idl?pid=1317
451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sun, 29 Jan 2023 08:36:30 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396604&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396604&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396604&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=r+eydA%2fEulNEtq8SHSU9heWd8+hXp+ymXtooK6+8pOj1O1nlu1GqP8iAKAXVy+BJ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20685-2313
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jrOgfR9kalTY7jiyToA2XA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1674981396302
200 OK 322 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1674981396302
IP
File type JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Hash 2a3f7dd5e61b9d3bbcdf12bf90b1db07
0be5f085cd9d66a13086e0aed76a5e2476a93a6a
b8ae06a1d12352482a21d1638147f4011659af8f7b691c44c666ab6d792848c8
POST /event?d_dil_ver=9.5&_ts=1674981396302 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 392
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0687cfe76.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=06793482361982985033544102455980655261; Max-Age=15552000; Expires=Fri, 28 Jul 2023 08:36:30 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: HefacMCmQBg=
Content-Length: 322
Connection: keep-alive
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=eeRCmyEmuASonHM4pCklrA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 19:34:34 GMT
Vary: Accept-Encoding
ETag: W/"63d032ca-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Qq+zR9CR+EX4CuW7Dm4J5ICH+9soyJdKGvKRDydo%2f7qhTUM6BYlDM2d4YWywyzU5; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396704&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396704&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396704&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qIQEPGMpFjHgSCoG6qwB0rLv9ksrFOSnS2rUjbhRcM7k3CjzQzTkI2KRP8NzSX74; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20330-56806
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396707&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396707&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396707&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9LsGHJt1UDlhllvvNX5ckdc%2fBDCWOdSqkMQw2kyDjyOrWBuYkUoprw2X44MEn6V2; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20626-64584
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396713&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396713&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396713&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=dFjJzwubvJcW3LhnxUBYxTbfn+7FafDLmUi8w311IK1hmL%2ffcpVGN6alXZhWzlSb; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20337-12258
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396719&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396719&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396719&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A242-223859-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=At32r9CihbmLXTVqRF%2f7r5ZmPpJdKH0frjWeH9YQ+klbn2oa6EBDtd9D12XYX+Wl; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20723-59287
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=STxijorBvGiFw0VXY2%2fsGQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=cv0Pq2903sIzGExnFeffeg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.sectigo.com/
200 OK 471 B IP
Hash 8ef1dbe04ff3834735b0659e7ae82c62
56d86283c8861f679162e92c70bbea59f819b8dc
a41623bee3b144f94362b7351bf88236e4291f113068361be33209f550fb3373
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 01:42:55 GMT
Expires: Sun, 05 Feb 2023 01:42:54 GMT
Etag: "56d86283c8861f679162e92c70bbea59f819b8dc"
Cache-Control: max-age=579383,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7910a3f8ec44b4f9-OSL
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396723&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396723&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396723&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarqueeOffer HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ghONtNOBqvM3Kugn02gzGT+8rCqH51UHGb0wUarQO0V+6srnuec88LboRw6Sbbq0; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20790-54853
connect.secure.wellsfargo.com/AIDO/glu.js
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 955b7f98a94881d403d5b4a89dc2e21a
9c219f2ac7d6fb738280dcbe3f4bb8c8efa0ce2d
d23620f3843f17281cba2b0d3df8e16f203b611f56bad4a8760d6a30da4ecd68
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37102
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=oOV4B5VeIvzcYuk9MWms1xe3QdeI5qQ5OUKDubB6yveOd3ZIWp0dt+iiHqtg0rEY; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396726&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396726&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396726&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228778-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KvRJU8uGx9VE63lOlsdtSpgs0oqH65oAJe8AMYFb6COxtHFE82HZMNIKi7%2fcVY8+; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20330-56843
static.wellsfargo.com/tracking/gb/detector-dom.min.js
200 OK 43 B URL HTTP/1.1 static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
ASN #20940 Akamai International B.V.
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sun, 29 Jan 2023 08:36:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=p1KG02DgFFwMFIQeV8JL4g%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396733&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396733&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396733&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228784-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=z3OgIXtwq2O9CmkEsjXjhqla7IRhpKXetWbzXZDQw7SW0mt%2fWAiqQYzDu3sDWO6U; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20337-12288
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/as/jsLog
200 OK 0 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/as/jsLog
IP
ASN #54994 QUANTILNETWORKS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 171
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1674983196785$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1675586196%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-5e998263-8f1a-4f5d-b74c-ffb4696cf0d5' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:78; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:032de214-66bd-46fa-928e-be42c0db3b73; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:032de214-66bd-46fa-928e-be42c0db3b73|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=FF95FCA9E69C49D99A97A2F40F5D39C1; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 29-Jan-2024 08:36:30 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202301290036301321654205; domain=.wellsfargo.com; path=/; expires=26 Jan 2033 08:36:30 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:10; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:10|d:0; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!XZuZzPCaF6FJdNgCM1DtwKm8Wrr89zVegR8YjL6Av+drUgHcsowmx70ZeU1o2keE/4PqPQOS24UYlsA=; path=/; Httponly; Secure
DCID=fqzQKbISZP3v9JLUImprAsXJCYXvsVdSumHzqeKMP0Ycz3XXAJBOMGQ3RV2BCkkB; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
_abck=D3005F52C501570F80B526BF90AA5782~-1~YAAQHWgRYN2o6/eFAQAA1rir/AlCs1LSp4o8CelTV678NNNsttDcON397zw/0qUswDpvqqLj0Lx0XL9HKl/5BqtIpGKSywchRTttBf29pUdiwxnXNHibf/Dq0Zjm3IJooTAPMzEyuGGB2otJp7dDmte+uTBETQERl4HekRo2KqJ7Ab4CktCH1VxUryUnZEU866dux8dnrQ2a5wWCSg2tERyDjYvue467M5hc/PSzLIlHrxVvlE0j29gYtAirLrO6pqeB7Uxf0nEMPCQasnVZ5mQwEW01Fv9i6vMRHTM7xJeDECPSR0WaNNyg6rCUNf548oAp2xANmyEh1kErhEyMsr4xeIIWyJJIiNHl2lp5AcubkD8xmgrLo3aVEfrY7AbpcQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:30 GMT; Max-Age=31536000; Secure
bm_sz=E1B05660D2E4E1DBAF80F3DEC4C2C4B2~YAAQHWgRYN6o6/eFAQAA1rir/BKXoolgnDDs7gb60z+jgPZ2jtFllMMHPT6LiYgG53uKg+OCapyk8JPUOWBrcq/vKDBaS6LqKo5XCa25hZ2O1hqNGjJx0j+6BqJVi8L3bJqTsx40qr1bTJWXdcinz/OXFyImTourb0JYxFQskO5RfOoV93AHxDn4AM4OmMvKLq1TmLWkdv/4KU86ZezBWgrErdWe87m7bSh4fvjgMGk0QE25FnZm1fGN6Ch/PUmuCQIvVAbAC8WgUs31osg11fpExDFnUhVz6C2tdYNws0SPNNuuieD+~4405061~4538691; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:30 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 bl22:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20685-2339
static.wellsfargo.com/tracking/ga/ga.js
200 OK 20 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=nuEBQrfqWvjHrMfDMJWXBw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=aU17i1B77n6%2fF4sCAV7Rlg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396730&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396730&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396730&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=4s9PNUT0tAyRZQ2N8JCZDE+hcHtj2ckxcd5zFq%2fKrVqdX68PbEP2Ee+BLnbbOTBM; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20626-64607
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a%3A0&_cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166&pv=2&f_cls_s=true
200 OK 76 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a%3A0&_cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166&pv=2&f_cls_s=true
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 6c976da8050e4826dbf2a927eedf209c
e0f9612a96b9bf93d442a88d140f730e45454050
e8ef8742e278b5b807e3e402f0eaf2eddecba70a93dea38318cb499df1659a05
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a%3A0&_cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; Secure; SameSite=None;HttpOnly;Secure
_cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!aPyixHeSYQAfTekR0YpcGl4FPg9joU5vopBiU7hcCSJcowfdNLA3+RvDF20jazBErWloa0fvOZD1iw==; path=/; Httponly; Secure
DCID=jnwEUv06ogBZHmeho2uzKr98XtJKsPkAN14k0LX8iRFLvs0By7XoGn0Q+2IYCOiG; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5140154239007404
200 OK 56 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.5140154239007404
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash e0cacc54969e86c3e9f31c55af243b7a
810cbb5477c463f7996fb816808a26319145565c
c57f21dd7bbfcabd2c0c3f12b9fd35057912837cdafb3584afb3a7ac2383c21e
GET /AIDO/mint.js?dt=login&r=0.5140154239007404 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 55799
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=W5G0+c0dXIz9MaYhldCkBkkhpRi8mLhI2EZW5pmrkO8GZYbR9cFOChQgcltA4OQW; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f69c5f43bf99edb53b690cb0bba51efb
e303559ff0956b6bf963b572b17da2a713ce5206
bc95b0a6b8b9a1df9c53272c4324ca1d008699b3da74110efa37ed0118c66181
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.8744464577854957
200 OK 50 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.8744464577854957
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1e353078ab0abbd5e06b8e1254231049
672530a80a4d98f7181e13010e6ac218d2990907
2aa184848fddadfb8f179b66a414d9a74047ec7ba79e9487e0abf3f3ae8ffed4
GET /PIDO/pic.js?r=0.8744464577854957 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 50219
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=eyiwHHyAJgBNp9BgJkr+Od2DVGEaFvBZDSXudbCqbNYceCJg%2f0WU6iSjrYqmwnGG; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F?
200 OK 310 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (547), with no line terminators
Hash 8ca9b6795606f19d3479fa48cc2ffd8e
3d215898c699b1d40dbb4aec90119290eaaad68a
1f0341b1eab4996d65c6f8594137b6b521526ac717119f4a5ebdd640ce80025d
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 310
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Jan-2023 08:51:30 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396747&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396747&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&event=IADefaultOffer&cb=1674981396747&pageID=per_home&program=EventReporting&offterType=cmsDefault&eventDescription=DisplayCMSDefaultMarketingSmallPromoOffer&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=NcdwoxgOp0R3KlQmYXyCFKDpjIIjHQJVO6WfE7SPRPDFGq4KZaQ+0+oNFqjMxwjz; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20330-56868
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396753&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396753&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396753&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=aLgDVrCJC%2fX6cQShhMDH2NSj2RpM7owt6t7h%2fhH7MjHj2P6Ch3gUqNKCINO7W01w; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20723-59334
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396742&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228805-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396742&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228805-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
quad9 Sinkholed
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&cb=1674981396742&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A242-228805-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1674983194958$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:c3e4e260-f572-42b1-b571-f38812511b6d|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:78; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1674981395%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 28 Jan 2023 08:36:30 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=%2fpbRtYviIXpLuYjjY834WGuPqQJUVipH+IDZgJ90VYmADR0H+CtZoai5TKSe+zSM; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300e_bl22_20790-54873
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash f69c5f43bf99edb53b690cb0bba51efb
e303559ff0956b6bf963b572b17da2a713ce5206
bc95b0a6b8b9a1df9c53272c4324ca1d008699b3da74110efa37ed0118c66181
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.wellsfargo.com/tracking/ga/ec.js
200 OK 1.3 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ec.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=IUgwy%2fMpj2rZRg8E4ogaYQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
200 OK 471 B IP
Hash 7078b1d21bbac26012d93fc9501fbbb0
412189ffa7980709edc28b87a820aa1ae64fa3a7
6db1d0d3f3924d7e75e1fd087553cf4ec5fa938ecc52adf3f149570551eaf7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5546
Cache-Control: max-age=124758
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:30 GMT
Etag: "63d55ebb-1d7"
Expires: Mon, 30 Jan 2023 19:15:48 GMT
Last-Modified: Sat, 28 Jan 2023 17:43:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 29 Jan 2023 08:36:30 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 7078b1d21bbac26012d93fc9501fbbb0
412189ffa7980709edc28b87a820aa1ae64fa3a7
6db1d0d3f3924d7e75e1fd087553cf4ec5fa938ecc52adf3f149570551eaf7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5545
Cache-Control: max-age=124758
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:30 GMT
Etag: "63d55ebb-1d7"
Expires: Mon, 30 Jan 2023 19:15:48 GMT
Last-Modified: Sat, 28 Jan 2023 17:43:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=837174986&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=803700726&gjid=445877093&cid=1408923311.1674981397&tid=UA-107148943-1&_gid=1508063849.1674981397&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202301290036271106803632&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1408923311.1674981397&z=1379015672
200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=837174986&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=803700726&gjid=445877093&cid=1408923311.1674981397&tid=UA-107148943-1&_gid=1508063849.1674981397&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202301290036271106803632&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1408923311.1674981397&z=1379015672
IP
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=837174986&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=803700726&gjid=445877093&cid=1408923311.1674981397&tid=UA-107148943-1&_gid=1508063849.1674981397&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202301290036271106803632&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1408923311.1674981397&z=1379015672 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
date: Sun, 29 Jan 2023 08:36:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1674981397359&cv=9&fst=1674981397359&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1674981397359&cv=9&fst=1674981397359&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1674981397359&cv=9&fst=1674981397359&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1674981397359&cv=9&fst=1674979200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1890021283&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Jan-2023 08:51:31 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ed8a8c45dceab588456b222e04775919
0242859712655caa3c3e9b936878c7c7874b7b5a
669f0691b8bf32a10fb219ce47ad69495e5cd2a11317b672aecca53f50b51de3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/jenny/nd
200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash b65542b5b6d552ac8363274dc71b7c0b
19ebc2a118f712b58c2b7acbbb765d986daa743e
499e986768d3194224161097898d70b6d9c5b3f9043921a0a32c95b85442350d
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 17955
Date: Sun, 29 Jan 2023 08:36:31 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:70596d46-2c7a-48e2-8530-6d1af3435003; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:70596d46-2c7a-48e2-8530-6d1af3435003|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure
SameSite=None; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:2; Expires=Sun, 29-Jan-2023 08:37:00 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=GHVjgF%2f6%2fWADqUOAnIRDgCbgOPtVBsHWOgbC+RgqswyWIDuwL0oGdlTCNjCc1ExR; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
_abck=7EE61ED4F4FCEE8EDA9D6A6FBF957D9B~-1~YAAQHk8kF5Vflc6FAQAATbur/AmVTBpe5zVJnMeDejeV6Juk+0LSJFbig+cR6Aa42xI/sN09+pUTF3aFAFwpO2DGjKENI5llWMcUHCDyDwIf4fmtz+Or6wdxl7IFDnUEYguBo9dKDbIyzVUOFRx7G8WkYDmacwi9Lhz7Y80uXlGn/GwoJNYR52Tr+DTZ+FP7pUlL0dfyRHkmjlj+MIQZJvC8yhiq5q1Iqyc5Yd7OsUR0nlJHBuXBBwiToqQzb8YO+br9hoHm9yBnrXka2o/6CGWMEsrmC49Nc/zLMTVEBRBWdtK/lBOYjHCxGPQDd/WH4ZDV50/jr5SoE8QQJeb8QWAkaJjEsBwSEXd3GCP+dhHiGJL6MRmEM40HagkH+qvQbg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:31 GMT; Max-Age=31536000; Secure
bm_sz=B0C7916BB0AA73E4D17972A9FD85F3A1~YAAQHk8kF5Zflc6FAQAATbur/BJ29jWe4oJiSBpz/JWw+MRJNKn2niPaMnKdXTqQN+R64keqOj9XwsK4G2jb+2c+UDRh7oSdb3bptd9+HMILYfpDYDDFhJwN1sO22Eti6NFM4LDcCDkUTDN27XR1aPX/XX84IKNmRHFKLThO9XF5wnsVk0Hp9S+SU16FtoYjUE6VaE2gpzRvLZ8cY3jmZcV7DkHohav9vBFSRbfz79gyvDu+XQBinIdKegys3WYvNhcVwN6vz0EO65EceYwOCdtY6B5o27eBHaburWWWl5SO1QAfdmww~4473155~3290676; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:30 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&gjid=445877093&_gid=1508063849.1674981397&_u=4GBACUAKBAAAAC~&z=1595990079
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&gjid=445877093&_gid=1508063849.1674981397&_u=4GBACUAKBAAAAC~&z=1595990079
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&gjid=445877093&_gid=1508063849.1674981397&_u=4GBACUAKBAAAAC~&z=1595990079 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 29 Jan 2023 08:36:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F
200 OK 310 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (546), with no line terminators
Hash a50e105cff1ac2ec5a4b8409d3082860
128cfaec81275ce953e9908e15a03bed98e07680
b3bf4cff3deb64e2472584ec1d06cac9d9e4a6da8222fc1735981491c82baf73
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:31 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ef589be52a3e55b643978f17949a73da
74545de6f144282252ff92c751f97cc835c80341
7bfa68c43e60a2627770163b5c1b96fbd7e4843984ad5ff6225c5490b8073b26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBCSUNITTB1NkFCYm41TGtXMFZJYldHR05UMThUeVZLZzQ0QnJGT0ZIZlZYcjBJM1hVUFdyM21sL09iOSt5eERIenJXSkI0K2prNEVlRXVhaEd6TVhnSlR3ZzVMajN2TU0vSzYrQTNOWTN2ZkxwSmIvdE51YmRDQnM4ODRPbEVjZ0pQVm96UFFUZFJxNHg2c0NHOGx5WExZRDB1MmdFdFRKSXRGREhPQlVSQkVMZnM5N0t0K0tEZUppM3c0eFVsT0VmKzQwR3o4SVVtRVArcjFoUkczbDBmcnpUUXRXWEtWWjQ4MUpvdlhYTE9IakYxOWQ4czhGam1UZUVZU3ZhRWV2VTN1cVZwNlVNNE5YVVh1bEZodWgyTTV1U3d1eFdSQ3Z2U014YjljPXw5MTkyYjVkMzllZTQ0MjM3NGFmYzM3OTM0ZWQ4ZDBkYTI2NjQwNzJlNjdjNjFlODgyMDc5ZWRlNWNhM2JmNDkxMDZmYWVkZTJmODQ0ZmNmYzU5Y2ViYWFjZDA4OTk1ZGIyN2MxOTdlYThjNDliZTA3YzU0NzI2NTVmNTNhNGYxZjBkYWMxMTZkMTAxZGIxZmRjMzYwNjg5ZDk3YTEzNDI5N2YwODIzZDlhNDFlYTdkMTE4YTQ3NTdkYmJhMjE4OTEwMTNhZjJiNjJlN2Y0ZTQ5OTZhNmQzYjk4YWUxYzU0ZDAyMjdmZGZhNGE4ZmMzZjI1MmMzNmJiYjkwZDAxOWFhZGE2NWQ5NmE2YmEzNDM4ZDQ4OTgyODYxODdkNTIyODQwN2FjNDI3ZTVmY2I1ODFmNTc5NTYyZjAyYjQ1NTI3YWExMWQ2MWVlN2VmMWJkZWVlNWFkMjI4NTNjM2MwMjdlZmFkNDk5OGUyMTdkZTcxMjk0MWEyYzg3NjY2ZjFkYjM0ZjQ4NDY5MjE2ODI2ZTE5ZTcyZDM1OTQzMGU5NzI3ZTEzYzY4M2U4MTQ5YTI0NzU0YWQ5OGE3Mjc2NDcxMTQ1ZjVlYzYxMTEwNzI5YWMzYmY3NjgzYzIxZGQwMmU0NWM2MDY2YmRjN2FjNWQyMWY2NzFmNDUyYzU3OWY1YTY1MHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com&t=jsonp&c=wdafntzvkbcgrabf&eu=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F
200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBCSUNITTB1NkFCYm41TGtXMFZJYldHR05UMThUeVZLZzQ0QnJGT0ZIZlZYcjBJM1hVUFdyM21sL09iOSt5eERIenJXSkI0K2prNEVlRXVhaEd6TVhnSlR3ZzVMajN2TU0vSzYrQTNOWTN2ZkxwSmIvdE51YmRDQnM4ODRPbEVjZ0pQVm96UFFUZFJxNHg2c0NHOGx5WExZRDB1MmdFdFRKSXRGREhPQlVSQkVMZnM5N0t0K0tEZUppM3c0eFVsT0VmKzQwR3o4SVVtRVArcjFoUkczbDBmcnpUUXRXWEtWWjQ4MUpvdlhYTE9IakYxOWQ4czhGam1UZUVZU3ZhRWV2VTN1cVZwNlVNNE5YVVh1bEZodWgyTTV1U3d1eFdSQ3Z2U014YjljPXw5MTkyYjVkMzllZTQ0MjM3NGFmYzM3OTM0ZWQ4ZDBkYTI2NjQwNzJlNjdjNjFlODgyMDc5ZWRlNWNhM2JmNDkxMDZmYWVkZTJmODQ0ZmNmYzU5Y2ViYWFjZDA4OTk1ZGIyN2MxOTdlYThjNDliZTA3YzU0NzI2NTVmNTNhNGYxZjBkYWMxMTZkMTAxZGIxZmRjMzYwNjg5ZDk3YTEzNDI5N2YwODIzZDlhNDFlYTdkMTE4YTQ3NTdkYmJhMjE4OTEwMTNhZjJiNjJlN2Y0ZTQ5OTZhNmQzYjk4YWUxYzU0ZDAyMjdmZGZhNGE4ZmMzZjI1MmMzNmJiYjkwZDAxOWFhZGE2NWQ5NmE2YmEzNDM4ZDQ4OTgyODYxODdkNTIyODQwN2FjNDI3ZTVmY2I1ODFmNTc5NTYyZjAyYjQ1NTI3YWExMWQ2MWVlN2VmMWJkZWVlNWFkMjI4NTNjM2MwMjdlZmFkNDk5OGUyMTdkZTcxMjk0MWEyYzg3NjY2ZjFkYjM0ZjQ4NDY5MjE2ODI2ZTE5ZTcyZDM1OTQzMGU5NzI3ZTEzYzY4M2U4MTQ5YTI0NzU0YWQ5OGE3Mjc2NDcxMTQ1ZjVlYzYxMTEwNzI5YWMzYmY3NjgzYzIxZGQwMmU0NWM2MDY2YmRjN2FjNWQyMWY2NzFmNDUyYzU3OWY1YTY1MHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com&t=jsonp&c=wdafntzvkbcgrabf&eu=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash bfe30a7951092c982edb10717f3398cb
4fa3976c91981d8167b6992aa224e640c90f0e2b
f3f4c651e93d1e1c07025f5bb7423b9da18a1bfd754192e8196471459b8458fe
GET /AIDO/vyHb?d=ZW5jZEBCSUNITTB1NkFCYm41TGtXMFZJYldHR05UMThUeVZLZzQ0QnJGT0ZIZlZYcjBJM1hVUFdyM21sL09iOSt5eERIenJXSkI0K2prNEVlRXVhaEd6TVhnSlR3ZzVMajN2TU0vSzYrQTNOWTN2ZkxwSmIvdE51YmRDQnM4ODRPbEVjZ0pQVm96UFFUZFJxNHg2c0NHOGx5WExZRDB1MmdFdFRKSXRGREhPQlVSQkVMZnM5N0t0K0tEZUppM3c0eFVsT0VmKzQwR3o4SVVtRVArcjFoUkczbDBmcnpUUXRXWEtWWjQ4MUpvdlhYTE9IakYxOWQ4czhGam1UZUVZU3ZhRWV2VTN1cVZwNlVNNE5YVVh1bEZodWgyTTV1U3d1eFdSQ3Z2U014YjljPXw5MTkyYjVkMzllZTQ0MjM3NGFmYzM3OTM0ZWQ4ZDBkYTI2NjQwNzJlNjdjNjFlODgyMDc5ZWRlNWNhM2JmNDkxMDZmYWVkZTJmODQ0ZmNmYzU5Y2ViYWFjZDA4OTk1ZGIyN2MxOTdlYThjNDliZTA3YzU0NzI2NTVmNTNhNGYxZjBkYWMxMTZkMTAxZGIxZmRjMzYwNjg5ZDk3YTEzNDI5N2YwODIzZDlhNDFlYTdkMTE4YTQ3NTdkYmJhMjE4OTEwMTNhZjJiNjJlN2Y0ZTQ5OTZhNmQzYjk4YWUxYzU0ZDAyMjdmZGZhNGE4ZmMzZjI1MmMzNmJiYjkwZDAxOWFhZGE2NWQ5NmE2YmEzNDM4ZDQ4OTgyODYxODdkNTIyODQwN2FjNDI3ZTVmY2I1ODFmNTc5NTYyZjAyYjQ1NTI3YWExMWQ2MWVlN2VmMWJkZWVlNWFkMjI4NTNjM2MwMjdlZmFkNDk5OGUyMTdkZTcxMjk0MWEyYzg3NjY2ZjFkYjM0ZjQ4NDY5MjE2ODI2ZTE5ZTcyZDM1OTQzMGU5NzI3ZTEzYzY4M2U4MTQ5YTI0NzU0YWQ5OGE3Mjc2NDcxMTQ1ZjVlYzYxMTEwNzI5YWMzYmY3NjgzYzIxZGQwMmU0NWM2MDY2YmRjN2FjNWQyMWY2NzFmNDUyYzU3OWY1YTY1MHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com&t=jsonp&c=wdafntzvkbcgrabf&eu=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Sun, 29 Jan 2023 08:36:31 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=eri8gOTCyyXceDe+j0LsLJuRUJkC9oXiD6rrgCOujV9rNP4TB010Z0vExv9bpr0q; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:31 GMT;Httponly; Secure
_abck=E193D8E8AB2C1B9E523ABB6DC7493511~-1~YAAQHk8kF5dflc6FAQAAObyr/AmQVTeLm6pLnUkMPTQSUmbGayCl8WYqukNI9+rmx2ndrTbGxyB36hHFVmRMmPHo2kfAkyL4lzhP9YbAu+FFiBR93NeOqUh5AU9vw41BKxSNtu8s492uVa4v7jfPvI50XxXEM4unTSrqMEp2nrdFYewnwhZfUzUCLXdn9mffzEYNoKOkmd+P5+bHhW8xGwPZvlOW7IVYzQHncoUDeli7ooo/z3hMWvuGEVSJcJwGxwsig5Q34AsQGqyhK6/9c3yR/y9sjiwgh+Rb696OKHcTPgHnC44JIxpakWOIAwbr3WEx3a4FNlibucgFmLnBmy7xn60YqKvWjzPsODx4SMWW9PU5tp/CH3Bj0gBafxeb1w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:31 GMT; Max-Age=31536000; Secure
bm_sz=FB1513150A7A32BA5F2F0BC0AE605C74~YAAQHk8kF5hflc6FAQAAObyr/BIwd+UfPZUA2NLHwg5x1YqQRGtgJylG0V/5cR1GFwlbCt8b5jnQIVMGPatJ5tSS6i7UKm3oCYoZg3vxCiJaRZAYe4HDeenl5S90sGPxd+G5tCweUWHA7M0Dw4cPZI6R3CwdJA/+B4sQl1nqVupmvo5TqSulK+klaZVwhFlEhI51HSSOX2bo6M/tp/xEWIxzrLzpekJxSCCZQUPT0rvmWw/YeadvMQ245xUROHEJMXi5T1YvOGTsMaJ/FgIIJOzE5PEcCqymW7uGeHK5F2Cg/zwOOMG3~3293490~3163704; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:31 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F
200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=5067443881648;gtm=2od8g0;auiddc=1455797698.1674981397;u1=11202301290036271106803632;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:31 GMT
expires: Sun, 29 Jan 2023 08:36:31 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 20fde87929f1ed3e6695451d51a32a8b
2a837b01ee984a87d7c6267882a8daea889b1a17
9a4f0120ded9a874091775e9704de1831fa1eddf28bf2d6f21fdcf38d14d916b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4877
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Last-Modified: Sun, 29 Jan 2023 07:15:14 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 20fde87929f1ed3e6695451d51a32a8b
2a837b01ee984a87d7c6267882a8daea889b1a17
9a4f0120ded9a874091775e9704de1831fa1eddf28bf2d6f21fdcf38d14d916b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4982
Cache-Control: max-age=119484
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Etag: "63d54c55-1d7"
Expires: Mon, 30 Jan 2023 17:47:55 GMT
Last-Modified: Sat, 28 Jan 2023 16:24:53 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b7da7d1d3e5880d5d4e313ac7fcf2a83
60a1e887ccb7c7cdae0035c65ef7df9908547fef
af17efcd17df50324c29cff05cea79f18cba79f6b1134ec0e6d1637759b5e895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 86352d15c37831cf9bf1e41325029224
ac8b28bcc1e6dd026e1f62d1ef8b9f80a42eee21
154f5f5e116df41f5d3bd414c671138b2afc198071529a0f3573109277566cd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 08:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&_u=4GBACUAKBAAAAC~&z=1485725483
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&_u=4GBACUAKBAAAAC~&z=1485725483
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&_u=4GBACUAKBAAAAC~&z=1485725483 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
200 OK 192 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
IP
ASN #20940 Akamai International B.V.
Size 192 kB (192284 bytes)
Hash b90b34d19644f332e7d66f2923c04ac3
31b9621c2a7c3d45e4b8c67951454604d009454c
b00fb534d38ee7d4ee3ff0311ad745d7c5d9910d77ae7892638f203ba15792b7
GET /accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365187
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-59283"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=7UbADMQjr5LllY2QSqqeArUuxth0PEt4atlxcRgCsNA%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&_u=4GBACUAKBAAAAC~&z=1485725483
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&_u=4GBACUAKBAAAAC~&z=1485725483
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1408923311.1674981397&jid=803700726&_u=4GBACUAKBAAAAC~&z=1485725483 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/984436569/?random=1674981397359&cv=9&fst=1674979200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1890021283&resp=GooglemKTybQhCsO
302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/984436569/?random=1674981397359&cv=9&fst=1674979200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1890021283&resp=GooglemKTybQhCsO
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/984436569/?random=1674981397359&cv=9&fst=1674979200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1890021283&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 29 Jan 2023 08:36:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/984436569/?random=1674981397359&cv=9&fst=1674979200000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--5m49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1890021283&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash fb04797270bd7d3de2c0ccfcc3b34027
ed984410261196ce1aecc0c0748b7cc10f4c4c7e
ba355b914185d212a979becab50d4a3ef9f9225e370524d61d58f03dbdd827db
Analyzer Verdict Alert openphish Wells Fargo & Company
quad9 Sinkholed
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Content-Length: 648
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1674983196785$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%2C%22c%22%3A%22cnAyYWxjVWVHYkhTSGpKTQ%3D%3DfNAMi6pF1-v2iBMtq1i3QjSMA8JxLsWUojDJ5TIJzqIQwAQFV4sczXq00m36nK8d5Zved2_zWX4GZt7-L_65uCE6p2DqH4Y11Ac%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_fr%22%3A10000%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1675586196%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.1455797698.1674981397; ISD_WCM_COOKIE=!XZuZzPCaF6FJdNgCM1DtwKm8Wrr89zVegR8YjL6Av+drUgHcsowmx70ZeU1o2keE/4PqPQOS24UYlsA=; ADRUM_BTa=R:27|g:032de214-66bd-46fa-928e-be42c0db3b73|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:10|d:0; LSESSIONID=eyJpIjoiYUJQZmVpd1RsZUNJaXlYd3dod2k5Zz09IiwiZSI6IjBcLytSZWdtSDZHRyt2RDcrOEtFTEZlYVBzZzhXQko1Rnd3NnljK09vODZPZUVyK2U2RnJOM1dSRHJkS1RqWnBHWmp2TEtIcnVURW5lTk1USnNLUnVleTE4ZTZCdVJKM3d5bENLV1wvTnIwMGZtRW84bG1YSW1YUEhDQ3VoejYraUxRVytzSW9neHpheXU3VVl5VUhXbWt3PT0ifQ%3D%3D.11319f06af7f89e4.MTA5ZjM5YWQzM2MxMGNhNmYwNDAwYTAwOGUxMDNiNjc1ZGMyZTdiMWM4NTQ4ZTMyMjY5YTc0N2UxNWI0MmYyNg%3D%3D; _ga=GA1.2.1408923311.1674981397; _gid=GA1.2.1508063849.1674981397; _gat_gtag_UA_107148943_1=1; ndsid=ndsabgfqng1aykfldh4oe4f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:32 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mo3j%2ft8jAynj488u2BBcIBXTN%2fgnqJwQaQm8CuFWND5otZZ4MRC7kyLSr6DEJtoZ; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:32 GMT;Httponly; Secure
_abck=C85B53D4527E2E9F37924C7A032D404A~-1~YAAQJmgRYGSdgtKFAQAAucGr/AlXiutBsrmnTkmScQsaE+1btCvqzkTSxfvgMPpwatG26GOx0uWepQLB/GUaeQ+B9px5uXnT0TF13RtauMCIzoZaQb2fHhP3lKUkNFmDaWsJTjh5ZGnloE7BpYivkQe9r8eSZVNUTzBS/DLr+c826R2FIJ5Rop9V2gMxp/QCU5IwmdK5jcan+2YoKWsOtCNSTy7erzRhuVuKhyCjsWRrPyMNJ78mfPXMmGoSRVrkn19gnRNvUAZU0mHPjAiCjfsfDFHBPg6Fl15VvLZkzoPGLCMFOyo9tnCadiWCwXSAP5qEpbR8qosPZZG4mB9pHDdwoQR9HoYiYaTdJsC+zAmOFYXKViLg3+zUFrBrnfyhEg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:32 GMT; Max-Age=31536000; Secure
bm_sz=584C5919C8B4FB54B114299FFC34BB95~YAAQJmgRYGWdgtKFAQAAucGr/BKdFXtMYYrfFEqeADH85UTnctI0haiJ4OKekNgeUCoDAiXhC0v+FMSfZRSpxq2Ksp7pm+QPAtqIxBFRugN6a9fX8cWxK8xnywSA4oVyd2ZJTVXBR8ORZ+rXwrOnk6XaJyDTdIv82Lci2lnJwI0m1ZhfY05nHhbOn3jVXDxE7y3qW2kxF7kcz49gGMnp2YK0AH32FJFiiJOtRCEyKCL4zPCLJcaD4lzRzPoIpDiIt3EFYQ97ePLSDXy7M8puTuF8iESJrDOG4wFwSQ5rM1KdDnMLoqnF~3683637~3359553; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:32 GMT; Max-Age=14400
X-Via: 1.1 bl22:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d63010_bl22_20330-57024
www--wellsfargo--com--5m49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
200 OK 134 B URL HTTP/1.1 www--wellsfargo--com--5m49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 71980aa4dcfc1faee32d99f7de1409db
e3a5f2087d3642624792ce67a402c7027c013518
5ccd118ac9ee4dc9b1cdf60d30965922c2f04159e0b3e6c7ba47bc620b63f016
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
quad9 Sinkholed
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--5m49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2010
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!yDqA9xgsmuDecpb3y5H3Mr4eY+e13UexDHonCGki9+bqqr6H5mVyBJajgF+TmOHUDbVX2MmbLNZw0A==; utag_main=v_id:0185fcabca0d001e979148b3bd4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1674983196785$ses_id:1674981394958%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTcPZZEb4g3K8CmqmRq3p%2F9MKJPr8Aai5lEEhWysqdE%3D%22%2C%22_s%22%3A%22RhsNfelD%22%2C%22c%22%3A%22cnAyYWxjVWVHYkhTSGpKTQ%3D%3DfNAMi6pF1-v2iBMtq1i3QjSMA8JxLsWUojDJ5TIJzqIQwAQFV4sczXq00m36nK8d5Zved2_zWX4GZt7-L_65uCE6p2DqH4Y11Ac%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; _cls_v=cfb58a1f-0eb6-460b-8f29-bddd2e081166; _cls_s=a9cf8a87-531d-425d-ad39-94b0169ca16a:0; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C06756965873028448203540435689102604430%7CMCAAMLH-1675586196%7C6%7CMCAAMB-1675586196%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C-410170382%7CMCOPTOUT-1674988596s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _gcl_au=1.1.1455797698.1674981397; ISD_WCM_COOKIE=!XZuZzPCaF6FJdNgCM1DtwKm8Wrr89zVegR8YjL6Av+drUgHcsowmx70ZeU1o2keE/4PqPQOS24UYlsA=; ADRUM_BTa=R:27|g:032de214-66bd-46fa-928e-be42c0db3b73|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206915|e:10|d:0; LSESSIONID=eyJpIjoiYUJQZmVpd1RsZUNJaXlYd3dod2k5Zz09IiwiZSI6IjBcLytSZWdtSDZHRyt2RDcrOEtFTEZlYVBzZzhXQko1Rnd3NnljK09vODZPZUVyK2U2RnJOM1dSRHJkS1RqWnBHWmp2TEtIcnVURW5lTk1USnNLUnVleTE4ZTZCdVJKM3d5bENLV1wvTnIwMGZtRW84bG1YSW1YUEhDQ3VoejYraUxRVytzSW9neHpheXU3VVl5VUhXbWt3PT0ifQ%3D%3D.11319f06af7f89e4.MTA5ZjM5YWQzM2MxMGNhNmYwNDAwYTAwOGUxMDNiNjc1ZGMyZTdiMWM4NTQ4ZTMyMjY5YTc0N2UxNWI0MmYyNg%3D%3D; _ga=GA1.2.1408923311.1674981397; _gid=GA1.2.1508063849.1674981397; _gat_gtag_UA_107148943_1=1; ndsid=ndsabgfqng1aykfldh4oe4f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 29 Jan 2023 08:36:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 12
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ZkhJn+O4vkB6Unv+Im6UKB8QJziCPi9bxsXgrj8APk8If7hBE2ieBWByvOb%2fLTqT; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:32 GMT;Httponly; Secure
_abck=A4265B1135A3C605B72447ACEE82452E~-1~YAAQHWgRYLOp6/eFAQAA/sGr/Amo4YiXKH+P2CcM5AOen5stpNICfr0UCGLfakP+n2EEGsEJD1bmpI47fV4WRBwmiWbgwftD1pOpwLAR7ZTUfYFv9PEYnHvDyEK99HJQfChyZC3E7ZMVIdn1qFBw++IXb9cIJskm8t/F9G6B4f1fCNcxMLNDlyjNwQsLNkM9qtuJiLmscTSH1ZuhB3C0Mcbjsq6ndZ7K+irWXEu3UQyoDxvT1jnJG2uAhfnibWt1qwzhtqemNrehSWlbNFsoBLjIErILWF4XXCYqo/rcqe4LobpUzNEzrQ3r5VLHGbI+OpEP6AoamyNGlVrdWvmioGSG+KDIf7jLMUbMPJtPn+dBHZOVDGPd/RsoxANd8KJLZQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 29 Jan 2024 08:36:32 GMT; Max-Age=31536000; Secure
bm_sz=585654B554F956F9CE5DB1293A0E3AB7~YAAQHWgRYLSp6/eFAQAA/sGr/BIbGxp7xA48X70I+AE+4BddM0GB2WxqdOCEPXpu0L/RwWzlg9LvyVEUZ/NcJMvKYuY8tbCTWNL9oQlwjKy6JMIXzzpvFZX2gD3QJ5km9MIs7pLq9aHqykZqKAK4WdjLfzRV7mje6oY4IzrnGmu3OR5i9XJbsc44NT3oxNPeUQlrQoYwdYHtAEpMf8eKqrN+aaOug/dlmlME00KY9ea7euBQ8FVf8vQjUmTrHOcnzSuZ2BBBGY1WQHhQg1anYahLpdk+suwfGIdnhIbmVBmb1SY+hWLP~4408889~4340038; Domain=.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 12:36:31 GMT; Max-Age=14399
X-Via: 1.1 bl22:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63d6300f_bl22_20685-2521
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 08:36:31 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 08:36:31 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11386
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 08:36:32 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:31f19f8f-91c4-47ee-a9f5-464ec7f684ff; Path=/; Expires=Sun, 29-Jan-2023 08:37:02 GMT; Max-Age=30
ADRUM_BTa=R:55|g:31f19f8f-91c4-47ee-a9f5-464ec7f684ff|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sun, 29-Jan-2023 08:37:02 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sun, 29-Jan-2023 08:37:02 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sun, 29-Jan-2023 08:37:02 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:8; Path=/; Expires=Sun, 29-Jan-2023 08:37:02 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310941
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-4be9d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Dw9GFBw4F0P8R42PCtYwSzGR9Fp25SprQjrSfPWV4czknwe8%2fQPYZ0LvVF7MyKhK; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--5m49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 299256
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-490f8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 29 Jan 2023 08:36:30 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=y2jRWboiDAWuMRfQ5NUVrts73XoKRoF6ZMwP%2ftWRaTs%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 29 Jan 2023 08:51:30 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
163.171.131.129
34.120.237.76
104.110.27.78
3.248.39.194
47.246.44.229
93.184.220.29
157.240.205.35