ocsp.dcocsp.cn/
47.246.44.224 471 B IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 64cc40ac66c75d8547247a82383d6e67
1278a35ec4ab9b8a095872cf282768cddf9507b2
8aa93f6a0e5f93033fa38d1843415dfac7afbb27459048c01a9bcc9f398474e9
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 05 Aug 2023 10:14:13 GMT
Ali-Swift-Global-Savetime: 1691230453
Via: cache21.l2de2[0,0,200-0,H], cache23.l2de2[1,0], cache1.se1[27,26,200-0,M], cache1.se1[29,0]
Age: 962
X-Cache: MISS TCP_REFRESH_MISS dirn:4:172624521
X-Swift-SaveTime: Sat, 05 Aug 2023 10:30:15 GMT
X-Swift-CacheTime: 2638
Timing-Allow-Origin: *
EagleId: 2ff62c9516912314152115723e
www--wellsfargo--com--d649329d48d6c.wsipv6.com/
163.171.134.56200 OK 19 kB URL User Request GET HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash a1717ce2a06967a7783dd3adfb3fa543
c4d551346c15ba4c82561fa1a05dceed3d801b02
c4deb87b5962d62323fbd614b4f05fcb824f25b676718fbc0f5e4650b6a1f2f8
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 19038
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://resources.digital-cloud-prem.medallia.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-b5b1fddf-6354-4fa1-aaaa-238947a42a8d' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18977 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:70; Expires=Sat, 05 Aug 2023 10:30:45 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202308050330152029896804; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:15 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; path=/; Httponly; Secure
DCID=F+zsNTrL288UDtBj70Qv%2f%2fVmKqXUmPYOWAJrspubQa2B2I5fwWGV4Trb6GU%2fScjP; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:15 GMT;Httponly; Secure
_abck=ECA7734FBE185F50D88317BECF43B3B9~-1~YAAQTpbvUI+i3LuJAQAAPG0/xQpJdzmyk56ufsx0hp40z8BZ8Eo85TWzVOLyq0ol07IyHbtWoNKEuVhrKUBSiJpEm1PKHzFgIJPEL2q96KQRbtQg1UffP/aVt4l1XIZ4TKP8Svo/11B0/dWMIKEIEImjJrjfJ2yzHc2EuaayIpHOX8rvGqJiuozs/+Q8et/PCrp7S0lfC1z2jTLk3pn+cTBjb01ZhHDM6AsmSzMkLQGrqdJCpVA8jjJiXV3FWPdu7WumiFlDOep8r9Y2D7eCKpOduvz+Ostux9hflTsE12SC6ohGtUdCfe2mM0nTjRXWaG/VSEg2E7WjyJs/sxOrmpmjw6NkH4FBDERmIcOPQL9tWeCtiULXVWM3X+Ow854y~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:15 GMT; Max-Age=31536000; Secure
bm_sz=976EF048978E61C1419E4D9608612817~YAAQTpbvUJCi3LuJAQAAPG0/xRQzvRR12pirpI1JuZECOqKJrVx3Qbj5L0Tm9Bhor5B2mP4Bw+osdlUlK9ItBxBv3uEQn2PJjZhMjLT1g3lp+HaKaMVXGieQ8CUyGuKFSz254kAQRAnbfVtLeAVbkIp1PT7893/f1wK8YSIFyHolgGDCvytcCs/lmpw+2mFVRyOemq9pCBtZVyQC6dectI1dhgkZCXGW+ROANggti2mDLp2gGjY8j3vAwSugp3HpuQd+VDU+j/HkSy1SioRfROzl9JhjyTR+5+4AboQApFRih6t2N/YV~3422004~4468784; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:15 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_28198-18165
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.26 901 B URL static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sat, 05 Aug 2023 10:30:15 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=4VjAlOWuEepvqDwywgs5iw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78 26 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=313186
expires: Wed, 09 Aug 2023 01:30:01 GMT
date: Sat, 05 Aug 2023 10:30:15 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78 1.4 kB URL www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=309302
expires: Wed, 09 Aug 2023 00:25:17 GMT
date: Sat, 05 Aug 2023 10:30:15 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78 1.7 kB URL www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=313135
expires: Wed, 09 Aug 2023 01:29:10 GMT
date: Sat, 05 Aug 2023 10:30:15 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
163.171.134.56 74 kB URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 48142dedc74cb9e4f20d364073815994
eaa5c96f8f44fae35616dc6af03c98121d2d3fcd
814d02d8c99bd2f6fa5aa759a9e367b12c50e4201d1c5a8dbb793da6f30c3ac5
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: application/javascript
Content-Length: 74070
Connection: keep-alive
Stored-Attribute-Sha-Checksum: 814d02d8c99bd2f6fa5aa759a9e367b12c50e4201d1c5a8dbb793da6f30c3ac5
Last-Modified: Tue, 27 Jun 2023 17:14:29 GMT
ETag: "dbf881c7602f8671d977bb348201c8e830df8ab5fdd7795850bd762a38857ef8"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=6v04AUWxxNCYM+UeGb7O6Q%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=05CD2CBC562BEBE2ECE14A78D4FCA37D~-1~YAAQTpbvUJOi3LuJAQAAY24/xQr2t//lm8ANiwtjwdpKVe7oUUMwVyJIjOzdwjvCJgNk46By50EJ/nsnHnvy4IRY8tZol3HJ/CrkP92qtnYxzEyXD6tJqz4TbgEljBd7f6PnQRENNQ4apqyVq1qAVfX80qUGAEmqrRTKVe/Eevh/f0x0GpqiLS+YzQ6O+J7YDLHyP/7nOwStdIJ3nGfQfw9bqSll+Teu3g7ef8v/Y3zYka1oE6YtNHzRPig5+F4bkwNsB+T4RviKfmfRp+5mGfZ7y4dfNWPX/jaNlerX0BZUgU0apJcy7uLKUKdRPmSqu4IX7F8GEo0EPuRxKcXUQ+ihz9jJDgr9hGmtfbtf3jgHV5WWylEomR4fIrBXNsXt~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:15 GMT; Max-Age=31536000; Secure
bm_sz=CBC23135F26C013FE1EE17A038BECB12~YAAQTpbvUJSi3LuJAQAAY24/xRR3w3W++jjxwCT6efjswoV+GPMFx1rmwYf68ZTnNP90eLmeIy/4Y111GXrUxKR0m2tu2JDLQq26KxVQZObe1cXUdX+xtJALhQ0s6u7lPv+m4Z1Zr8FclUvEKCNkHVchv4TYtl9yeAacUW6qtKxIfHaSrQCQDhn1cninhbUKPWzGAml2bhRqEUg85gjMzFpvhb/NI3x0tt7HU4Yn8xD1WJCTxCFoD97NtZ2RDJeAt3QEWXAnOZI+5TcxS6VnVNMIOWlrhApJb5tC9NgOw/f8Ilsl3W5I~3422004~4468784; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:15 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_27980-22138
www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.b96c0ba7c6b812a5f95f.css
163.171.134.56200 OK 24 kB URL GET HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.b96c0ba7c6b812a5f95f.css
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 8883c399a7c9534762502912a3eb9adb
b93c27c4041cda428a4cf494f13fb4b423fa1a15
97caf056980a6ba130a246874637fd83818d7301248a3444e59ca5d3fa32bae3
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.b96c0ba7c6b812a5f95f.css HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: text/css
Content-Length: 23822
Connection: keep-alive
Expires: Sat, 05 Aug 2023 11:00:15 GMT
Last-Modified: Thu, 15 Jun 2023 14:52:58 GMT
ETag: "648b25ca-2aa1f"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-FRA-01Pl0187:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01XDr43_24912-10731
www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.134.56 4.3 kB URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (9269)
Hash 1ef6ac990964157bcce052a01126b1d5
4cd8e88646d48965030cb1f7e80e653601a7e075
334e2b259e6f66f683cb2f326eba42ac04247624e85174ad13050b28782d0ff3
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:15 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4284
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 05 Aug 2023 10:30:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A15uP8WJAQAAxUxmhjOVXx8t3yliN3dQ9xqFwfV3G1ELbe8UT5RuFW4qD2nuAaOrhiucuNk0wH8AADQwAAAAAA|1|0|70c331ffd9b800233b2973d45faa43bf42da679b; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=WEgHD6vaqMf26A54swqfnC0GI4YMiiqOCG9NEEwzC0iu8+tKiK818y637PTkn4k4; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:15 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_28198-18196
www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js
163.171.134.56200 OK 17 kB URL GET HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (40828), with NEL line terminators
Hash 7558dd36a5a3d8d44bb1a04601ae6560
c703af3f738020a778d4c67bde5181147e8d2b10
1975e599ce211ec13716b9ba70636a011421d0aa38052be6a00302f6b9e15586
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.041c8faa44edf732dd5f.js HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17289
Connection: keep-alive
Expires: Sat, 05 Aug 2023 11:00:16 GMT
Last-Modified: Thu, 15 Jun 2023 14:52:58 GMT
ETag: "648b25ca-cc01"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-FRA-01Pl0187:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01XDr43_24756-18436
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.26 16 kB URL static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Sat, 05 Aug 2023 10:30:16 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=b81MGYmQKIjZuA7yWX%2fa4w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js
163.171.134.56 53 kB URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65439)
Hash f2ae2cf4b00792fee38e84e6509f2c9c
ae395db86d01bcef9ac60e4ea5a2052cea2c02a2
1688b00b03e64170c61df02ad73c82a064176cd24d13459323fef810f1d9d2f7
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.f0a4069fdc0c14e21993.js HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 52760
Connection: keep-alive
Expires: Sat, 05 Aug 2023 11:00:16 GMT
Last-Modified: Thu, 15 Jun 2023 14:52:58 GMT
ETag: "648b25ca-2a7da"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-FRA-01Pl0187:1 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b7_VM-ARN-01cnE31_27983-37434
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=10256111
expires: Sat, 02 Dec 2023 03:25:27 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78 22 kB URL www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10259993
expires: Sat, 02 Dec 2023 04:30:09 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78 23 kB URL www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=10152281
expires: Thu, 30 Nov 2023 22:34:57 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10260875
expires: Sat, 02 Dec 2023 04:44:51 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78 22 kB URL www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:0
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10152285
expires: Thu, 30 Nov 2023 22:35:01 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
163.171.134.56 18 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2759
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=94O3cGs9eXNi5UHnpBVNtg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=94O3cGs9eXNi5UHnpBVNtg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=39C577247CA8FA7941EB56884D8AE4F3~-1~YAAQVZbvUL4xnLyJAQAAGHA/xQpTuax03AmWtmheM1ZK1xzWHj59k0AYRAe6yK6QTk5xjfBSkv9xuGNrmEjrgGC5DnpNi+lE5hvPYwwfgRp/YMOjUq31mLP+PfpNiQyS0zMIuDUOYHiMAs6dcQR72quniHxvbzWj3WtFIRoCC8VtwreYDpsIyV50lfdUbULXNuzqK9sZncjo18cxgYIA+JmS3u/6vfBeGAj2BM7ULTq5QnHqaZvNe52huVDl2OMHyYFqiKRxEnL6Tj4yAQqzaLWWWebc832fEgkqVvBxnX3AxUFtAfQy9EVDJx72kzRQbbR8YfSB7cpmb6zjfrcAzDFG5OPOuPeGz9c/qginByaRljweD03PNvzTN9NBpbEf~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:16 GMT; Max-Age=31536000; Secure
bm_sz=0CD8B6FF1A4F8C14350979D50F38857F~YAAQVZbvUL8xnLyJAQAAGHA/xRSA4IY8ppfeSoFisV8TBJmZQUp48bHG9HTAU1wbMikUsDE79S9zGlDYycPuIRSRaNs9mfko93YdEydOAd/PmwqAtIpvuupy7flbuw3FVoERR7Xu7wIN0AZE3N5ftNN66vh055qvRxNHZkRO66bHrjml1Nora07UaNBt3HoXZZPzI0bWewkRt5E+Aq3DP8K/MVlCX3BQhBgBY0Kf+0LPYIB6DdEKd+QIDR/u3prebxl6scYTPPdB+TVug0AWgYPo8P1j1Eh+K8wqE4xBG9NsTNw08JtN~3618886~3224112; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:16 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01cnE31_28198-18204
www--wellsfargo--com--d649329d48d6c.wsipv6.com/target/offers/conversations
163.171.134.56 2.3 kB URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (11063), with no line terminators
Hash 0dbd56d6aada75e6ea9b343f4fce736a
48ff333eb56383c46b7e80d392a4f0eead1e33a9
9224f71c05d98e0b142a4256c303aa263c76a2d28b0398bca79aeefb56a679d9
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2283
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://resources.digital-cloud-prem.medallia.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-7eff4c3c-cdbc-4d13-b184-ef1cdcb6dc29' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:70; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Sat, 05 Aug 2023 10:30:46 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202308050330161659443586; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:16 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=460EE98463AB44B9E788AB056460E9DF; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=ioxODnmqeXm4pqAzJDqWo8eLnsa7dVIXR94%2fGuvtlhVUIBxZEb+gPQ4v5%2fsCXHw0; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
_abck=D08162FBE66C428605EC0D5B0F6FAC9E~-1~YAAQTpbvUJWi3LuJAQAAXnA/xQoxo22w+Z/9Lowpdwch+x19oGMQeJ9uasJ1/07DiADwCPoKsEWkdU7m4ADB+GQOFnrMdaRiQ7wAqpEuZ9B68d72mDeH5LU79UliqJNkH9GThfl19cjWS1nxFod9T1nU/DVFyE0ZeJJd0yDvMm1dZWX64CRFGG0UztMOwjtHIEAB/oXtPP9qbZP1XZz12Y47y1l2KiLSmwuiHS0dOCqKf9draHb4cIieSl0PQDFJMTFjU4gv/V/9hU/EyaIOdol1QzAzLL/ahODZZgO1/Wqz7Kvjk8hHI0TQMnJvTAejYpxWfqjKRMJVzPraKSbTkuSQtDFrRgR6hfQHDkJBrD7pNQQaNrw176hflcqT9HL7~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:16 GMT; Max-Age=31536000; Secure
bm_sz=DC4A268E5BEED36C38945FC69973062D~YAAQTpbvUJai3LuJAQAAXnA/xRSM92wU+Z6I/blPiG+1+52hfSKBlqwscg1yh9dOlcUWUEWXWF7qbKnBoaEGpJJAfqesJC5MQjjttGK4OGju177G+6f6/ek7t78HkLr7jp50XxOn3x2ST4NlJZh54GL9RzhJtmV5IFMiwvM5iQvA3A/3M0WrRgbrOYHowgututupeIHbBfR46J1lG0JCAXrQa9ja9Djo2m3rv82/yW69r3oK+9ssshIZwCeTjxCvTNT4NJHrs2tc3lihGH7jnuC5O7TRG8DuVmtyaDwooGonL34fsd/8~3618886~3224112; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:16 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01XDr43_24912-10732
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
104.110.27.78200 OK 1.6 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash f4ea54d2de3587734104a7fe6ac34593
abb69048123b667ad90dcba04da4f08a4a4aeeb7
e802f40411f32bc8331100de87c647c70071bbd2e29a44befcd52e48c6020205
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63f63d12-aabe"
last-modified: Thu, 20 Apr 2023 01:43:32 GMT
server: Akamai Image Manager
content-length: 1646
content-type: image/avif
cache-control: private, no-transform, max-age=314004
expires: Wed, 09 Aug 2023 01:43:40 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
104.110.27.78 18 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 4d74f6d202bf00523871f6380d9da158
511af47b1ce2a77f5c27cf3addfd80f289bb76ba
8932b18f9d89396f9292d507904d01306b97c8ae75165c93005b04aa7d9853ce
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "635162e8-d177"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 18075
content-type: image/avif
cache-control: private, no-transform, max-age=2464289
expires: Sat, 02 Sep 2023 23:01:45 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
104.110.27.78 39 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 5d115cb30ce945de0d431748aa0b6073
e1af15a87872a93c56598fe21c82c252a7c82345
8f0441ba6cd327f630ce1653262816ae3fb9abf2db73b70c50be3e66c51dfd8f
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_135975483_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505859-e2ce"
last-modified: Thu, 20 Apr 2023 01:30:34 GMT
server: Akamai Image Manager
content-length: 39415
content-type: image/avif
cache-control: private, no-transform, max-age=299931
expires: Tue, 08 Aug 2023 21:49:07 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 965f76605b195f4ccfe05353f99ec406
7cc5b65bebc32a1835e778bf984d202fe472bd30
7bb20bbccd8f33fc25b907e8fcbefb0d73b1a9ae7076f8e688fc633f09690de6
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64501bd4-10f8"
last-modified: Tue, 16 May 2023 13:54:43 GMT
server: Akamai Image Manager
content-length: 1420
content-type: image/avif
cache-control: private, no-transform, max-age=2423308
expires: Sat, 02 Sep 2023 11:38:44 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
104.110.27.78 25 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash bf978a151ba3f10a7412e8cd5fbdb863
2af8e9c16c4f1e96ba1e86beee63521c802c2cce
ac555d446e447b4c8cf2bf2dd377d53c3b21faf83da3259dc8839c782eba1d9e
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6350580a-d82f"
last-modified: Thu, 20 Apr 2023 01:30:23 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 24880
content-type: image/avif
cache-control: private, no-transform, max-age=2345562
expires: Fri, 01 Sep 2023 14:02:58 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78 1.1 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=313188
expires: Wed, 09 Aug 2023 01:30:04 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/creditcard_color_gradient_64x64x.png
104.110.27.78 526 B URL www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/creditcard_color_gradient_64x64x.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ca743053bce3493b932876555f9bacc5
89fb52f6517d4f2fa07fe71c33eeb2aa1676bcb7
9dc0e3746d9af9d06d8d135150885a3154037b7c4afb65a8118cf4df083a1c29
GET /assets/images/contextual/responsive/smlprimary/creditcard_color_gradient_64x64x.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62572c9d-1250"
last-modified: Thu, 20 Apr 2023 01:31:15 GMT
server: Akamai Image Manager
content-length: 526
content-type: image/webp
cache-control: private, no-transform, max-age=305281
expires: Tue, 08 Aug 2023 23:18:17 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/autograph_20k_hplp_1600x700.jpg
104.110.27.78 6.8 kB URL www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/autograph_20k_hplp_1600x700.jpg
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash ff9a335cbdabb82c5c45e599aaede02f
d9d9caa1e81ca61408e4804a48ac1c37f23a6c18
f3327507c7327c8a0b7e2777392cb742d54561b12e8850da60e75bee26c2292d
GET /assets/images/contextual/responsive/lpromo/autograph_20k_hplp_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63acaeb0-18517"
last-modified: Thu, 20 Apr 2023 01:30:24 GMT
server: Akamai Image Manager
content-length: 6818
content-type: image/avif
cache-control: private, no-transform, max-age=313063
expires: Wed, 09 Aug 2023 01:27:59 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78 463 B URL www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=313210
expires: Wed, 09 Aug 2023 01:30:26 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78 831 B URL www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=313219
expires: Wed, 09 Aug 2023 01:30:35 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78 405 B URL www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=313417
expires: Wed, 09 Aug 2023 01:33:53 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q
163.171.134.56 149 kB URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (149015 bytes)
Hash 3826ad0a7fbfcc24f49f4adc99026b9e
35b2f1afe255388f6061405cbc1a5a8eab0909b7
6826efa76117acf6efe3ef4424b88aa7b1b3e4e277cbadcadc90fdca7ba18837
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AEAwP8WJAQAAHWHlZMz1ntCYREQcWVLQYGMFJG2iXY9Cs9mnLMYXlS1hdabj&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 05 Aug 2023 10:30:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A4NvP8WJAQAAyU_YJNc7jt-AjvUB6SZ7B-cLlTKGsWqqQd8Wuj84dmu1Ker0AaOrhiucuNk0wH8AADQwAAAAAA|1|0|dc535f9d0de22fc358a9af88743745c03ae9eb21; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=y2UEZC1GMtLEzYJCUZtHNlYRkYKJrotCBzpjQK2SSZcKqHRN%2fapLy2QRnhUYb7JS; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01cnE31_27980-22141
www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.134.56 313 kB URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:07e5a724-f270-4c3e-a6c0-a0dd8faf9c90|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:70; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:16 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sat, 05 Aug 2023 10:30:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=%2fNAzJ9AYHbdMKETr9wrHXbWyrbWd%2fKPe0OfG6jNgUTI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b8_VM-ARN-01cnE31_27983-37438
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32200 OK 55 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (11638)
Hash d08a65b05061f1255f422b7221f06b1c
78c6dc01eb858c5b652eeb161a398dfef3efad14
28c8b8933a093b6bc2df9d132810b339b54b35c7025452c0982df6d91ad58dc6
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 13 Jul 2023 20:02:10 GMT
Vary: Accept-Encoding
ETag: W/"64b05842-32c18"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Content-Encoding: gzip
Content-Length: 55332
Date: Sat, 05 Aug 2023 10:30:16 GMT
Connection: keep-alive
Set-Cookie: DCID=y5K541eWlB7cQm0q2Vov3oGATn7ppVtmNIVlYLSvb%2fESxRgrGQDVupILsevnObKv; Domain=c1.wfinterface.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:16 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78 9.2 kB URL www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=62594
expires: Sun, 06 Aug 2023 03:53:30 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78 964 B URL www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=313318
expires: Wed, 09 Aug 2023 01:32:14 GMT
date: Sat, 05 Aug 2023 10:30:16 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
163.171.134.56 18 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2604
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Sat, 05 Aug 2023 10:30:17 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pgcYkhpyZ51xENGIpWQqFw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=pgcYkhpyZ51xENGIpWQqFw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=F91D889586725085C8B782B95DBCFB3D~-1~YAAQTpbvUJui3LuJAQAAa3M/xQq8P9MWlVjbhb2M3Drb33c4jBLlncTCPPBB/uLZop5071aUtQ5iZw4TZPkrGdZZG8qIdjYa4Xv8oNzE0I/HGKhqr5RVYjYOGqFNBlzazmJUZ4n0a8bJCmq3RO9rF4sSjUzP/ctsd55/h2ZGGbB6B6+IUvQkMXqQdReMuls/Nbyrz40O0V4x2BngHIxPjBFUP/W5JyVi893um1dTrS/T2qGeOrOKlM24h91oGdn+0o/DlkaVGYqt7QCp5P4u05ixFQMuJwj0awh4XHeFy5YSAXpIVK+QjN85f8E83K7xTYnijS/g8xV80hHJxijOdoR6WyzFhOvJMKOA3CBnpSt6GtYrBGnSBRxJyeXLovDR~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:17 GMT; Max-Age=31536000; Secure
bm_sz=AA11DE0422174815479FD3DB3D4CD372~YAAQTpbvUJyi3LuJAQAAa3M/xRRO+Whfb/0xOywcWbNqGCXpkioty7bJJ7kbHsohJiBN+qgOVRsyzbmofqjNTfOxNV/rhV8IiSsKmO0L0BDP7q5UO06CHeCeiSbzjcK8ADjr3AzzVyFaEwQ2O1rUoe/ISSQo8QIEgULBvB/iIEqOXfbNrSAyDEjU8UHlVX3qqJ2LKzaBmeBpZvrRkN5NHr/DyyWSc1rkw/ZiwFY5klisqL8BKoNEr6cRTZEnGW8HxHIxQQh6c22vxLbO2NoCBQG2BFaIEyoBZa661aq2XWV1ss0nWa0E~3225396~3158328; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:17 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27983-37449
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=2479927
expires: Sun, 03 Sep 2023 03:22:24 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 962 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=2440065
expires: Sat, 02 Sep 2023 16:18:02 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
163.171.134.56 18 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /mxS10a_HjJ8dh/FrAo/iOwD1lFgfU/iY5OcfDrSV/L1c7Ag/TkM3YBM7/Yng HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2658
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Sat, 05 Aug 2023 10:30:17 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YauWa9Ws76i59kMMjCylow%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=YauWa9Ws76i59kMMjCylow%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=ACEC52D86DE179C84D072F831A732CE3~-1~YAAQTpbvUKGi3LuJAQAAfXU/xQpNpV2OdkFSNAm+rrdKc9nMTfHwhjeTdV95JEEf73eT31tRB/Z1/B5XGeWf7FoPFlnGRMFRrphcmQlrOkiWkP19qCG4BmCci6YgWLefgaO0Gi3mn9SgMKkq5GaISB5ZYxSTUyjWCgH1KYMt3zU3ym6K5eUYWTHWO1nOGSKBvebIodlPG/Fi+41jqPpSdBLOvXpoT8dykH7TqZOSAy7aRgxcU6wxFj3RERRd/AJBMmEof3Vi3TTOGiEc7pU8WKuXi9lpBu6ICmxX1PMjvbUowWOdYUVTyJIIdg5K95ZaHo92zkwdLxMvnlJUo1+wkoVB0BzuxrCocYFGxaontsM5vbFu0IbMBCa3iyxlFZdK~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:17 GMT; Max-Age=31536000; Secure
bm_sz=2911944AA38ADBB2EB1DEDABBC9FD1A8~YAAQTpbvUKKi3LuJAQAAfXU/xRRRNhaGhm15myQZwm65DrlX6/VfYjPX3n3iDXrvfJvlMhbZW69zX+fwZltaZMjvfE8k+fp8E+rOeGhMnCSeJE1Wqpa28yHhezP2jS3iDFhKp8YtsKY7LIeiEitK3sDs5jBEVdl9r3Zj9fmgMcFQarOGJMQFu6MuvxV268DcrM1BzOEu97VjpiPgr+pZJiz/uz4I4j6fSeJADH5AJfzTWHgzTfWMyqd2k5XQkj0cUeyC1UQZUWRir5Wfga5nFtYRJOhF40lIjme2AfvAMJVcjWLqrA3d~3225396~3158328; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:17 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27983-37454
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78 712 B URL www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=313210
expires: Wed, 09 Aug 2023 01:30:27 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78 1.1 kB URL www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=312940
expires: Wed, 09 Aug 2023 01:25:57 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78 1.7 kB URL www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=313214
expires: Wed, 09 Aug 2023 01:30:31 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=2440045
expires: Sat, 02 Sep 2023 16:17:42 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78 31 kB URL www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:0
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=313248
expires: Wed, 09 Aug 2023 01:31:05 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=2439549
expires: Sat, 02 Sep 2023 16:09:26 GMT
date: Sat, 05 Aug 2023 10:30:17 GMT
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.24 571 B URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
Hash b2228cc3352ba79966a8c37c4282d9e3
7b644cecfc88646cdf6fb5c296ab14326f6d1fc0
50c204ad5821cd89363082627e5ec0fe8cf9abc7a258a6c45b2b9b7375de1475
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: W/"64aba9a2-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Sat, 05 Aug 2023 10:30:17 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=b4if8BFcGA1XJIPgYy2xf0iQQgVlEHszha1YxrGAXAWAxxS8q1sFJZV31b+fDifG; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:17 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.9 45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:17 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gZGiqA+9+HpX6df8eW5Ddg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26 14 kB URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=EFkm4+f2+mwxgkClHiBHZQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.503a8b321edcff4ec267.chunk.css
23.36.79.24 24 kB URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.503a8b321edcff4ec267.chunk.css
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1cf7c1fc34f02c074f01f13b7d71068a
5a415eaf557beb9b8d31f621f80b827ccbe348ba
109d0bc8ba558e23e5f8bcb156514f3f1ff1cec0236d030723eed74bde935961
GET /accounts/static/7M/accounts/public/stylesheets/main.503a8b321edcff4ec267.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 24064
Last-Modified: Fri, 19 May 2023 11:16:12 GMT
Vary: Accept-Encoding
ETag: "64675a7c-5e00"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=xT4aTVTsDXe+HbAbcYugWw%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416470&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.134.56200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416470&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416470&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=PNEhBss2i8pekjViUeu8J%2fAQ8cxY6M5uVkx3gAFeFUc89KFyXl8RxjUu90J4Cfsj; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01XDr43_24756-18452
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.977fce5e9afe92d4ccbb.chunk.css
23.36.79.24 36 kB URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.977fce5e9afe92d4ccbb.chunk.css
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 44728bf82124e7d978288b51d29f7247
127bdc80872b827ffd5f4f14219460948feecc5b
e8ab621591e8c7b4b8ed81e5613f0c13d45090c595347fe094f2a7c13ed98b42
GET /accounts/static/7M/accounts/public/stylesheets/wfui.977fce5e9afe92d4ccbb.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 36211
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: "64aba9a2-8d73"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=pvczS%2fYVDylaw4WMaAZNAA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.9 45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9PdlJr9ky0%2fFzVdx9Vgkww%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416467&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=+7jSjletV%2f1XCrMmglUnRTVs1GZtw3QtNgKeiu%2f9wToU5VlrUKxty7WKOXt33iEc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_28198-18230
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32 138 kB URL c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mvgOZ2caFJtDecOxa16fkw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416464&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416464&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416464&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ORYRjuxE0uHmPgk9WKNTq8rb2%2fRQXmy82tH8wwMCH3pDAbLSNhXaemO45WDbWwMB; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01XDr43_24912-10751
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416427&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416427&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416427&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=BXdGq4OrxHKRu7LiscJn7eNKp0DA%2fUUhU5d+um2gjSi%2fJ1XcQJlS01hok6+QUArT; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27983-37455
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416474&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416474&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416474&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ADnm7H9yd6rkxqMlXWeUFvkrL8v9WXeZwImhznhNo6xkH5n7a3+fiTuDUvgaFQMX; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27980-22162
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.9 45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9e7oSiNdXQuN+UHOlb+xXQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.11d8ad2657d343ccd76c.js
23.36.79.24 3.8 kB URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.11d8ad2657d343ccd76c.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7626), with no line terminators
Hash 197b7a7fb6f902fc2a4eb5ff978b89b4
c3881a2744c14817af138f88d98676d18b4588c8
38e0b8e6ac4f55b41a4ff32e31c8fca12b7893c42b92b6ba5d98cff1500a82eb
GET /accounts/static/7M/accounts/public/js/runtime.11d8ad2657d343ccd76c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: W/"64aba9a2-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3789
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=ZawF6mWFhxGHfkM0JMCtePL3C+K1pRMhirioJZmpNz0%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/jsLog
163.171.134.56200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/jsLog
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /as/jsLog HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 166
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:2$_ss:0$_st:1691233216787$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-e2c6f801-71b3-4de0-84c9-e0de1830b4e9' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:2fa2fc11-a2e9-4099-a05b-e468c86b0919; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:2fa2fc11-a2e9-4099-a05b-e468c86b0919|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=4B1DA17AB1069F8C8F9020E64E56AF3A; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230805033018217160170; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ADRUM_BT1=R:27|i:206915; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:57; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206915|e:57|d:1; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ISD_WCM_COOKIE=!eJrpdA+Hpufc8C3Xcg3V8rzrEPW+Gfc5rsbP/AdFVqi4jP2YliR2vR31v/0JAWpe7WeB7sGK0k6gqCM=; path=/; Httponly; Secure
DCID=UknMhXs%2fp7N5EqPxxJh7+GgTK2VyGceCvC3yj5uYFwKPCUO98JOvbCU+t85nTByt; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=C582E7EFB5971D83D6406CB37EE400A5~-1~YAAQTpbvUKai3LuJAQAAJng/xQrG1VpsvOEMesTzwPDnitUTjwxgHDTohAqY2pSfGoDW62X0lFvgWimPgPTNG6Nhs88O84RlGBHrGAW299i8DunPiXN2fh+Nh5mOrpn1iodH2wIG+x70B/lvrrHbslqVvC9SDsxn7Fe2UmbkdlDOd0ffPtjEqhrDFrLQJi7MBG9VmbWNMQqjdy+sUwhAuDiv7X9/dUPxZLxGYeMYokiqSdsBWc1Bj1WAl5IvbL0YC/k7dI9eUe59ClgwrpY9oBDE5aaDygervt85LmXzbHnAFBfbu125ms164E3qOLcrGI3zllKSVZJ5F+X4q1sjWRSgYPcL2+VyITnW8u9S1KSwB9Ghi0sPM36w0xiH0I/w~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=16C1E8DA400A4D4D639BF1AAF4E4AC72~YAAQTpbvUKei3LuJAQAAJng/xRRK4vxDvgPK0IGHDLrtqUGtTc7yXHxLeLgMsmwWDSM6h9UVBHu+wKrc/bU/LseHRu/qrkmbhPovOAPmKEo/71ehhieDrcaSpQs325A4DqPO6qLAqNghON3wBd8n+jiEyWpA/kXoeIoknEBF0/4xoDVZMkZ+nBmvOuxY6ryz+5DQWYxDYkfp+ODEynT3WY1fuheONSEpbxJhS2eFSeBJJqyYbRe0aFowVerFUVMLU2oNSQbhZCZGT7nzsSNX+h/r/RLpY2AjKRD2hHJchStKH9r7ztgz~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24756-18454
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.cb957977cb3cf8924da3.chunk.js
23.36.79.24 190 kB URL connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.cb957977cb3cf8924da3.chunk.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65445)
Size 190 kB (189880 bytes)
Hash 197a0531454004e6e7769c5300c746b7
30a2a33795f7aeb49211b640256357e521829e42
86d9df808b65994cb555bb1c9d9ee93e79b5598dd8fd5bdd848eea1ec5fdfc15
GET /accounts/static/7M/accounts/public/js/vendor.cb957977cb3cf8924da3.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 189880
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: "64aba9a2-2e5b8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=9USElwbNfsDGeqqetQPL46rg+uTDOQSqZybrO3Tc65oivCByxyFI94cHiz+JvaiF; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.7a759df3119e0b9c531e.chunk.js
23.36.79.24200 OK 307 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.7a759df3119e0b9c531e.chunk.js
IP 23.36.79.24:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 307 kB (307189 bytes)
Hash eb5dab90a5f6fb32cb1044e07da243be
e0d3df44fff06faae85253afa56397e077437bfb
900c079a3158efc5792092de56fca68a5bd8fcea88a6ed2d6bd33551bba9c4a7
GET /accounts/static/7M/accounts/public/js/main.7a759df3119e0b9c531e.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307189
Last-Modified: Mon, 10 Jul 2023 06:48:02 GMT
Vary: Accept-Encoding
ETag: "64aba9a2-4aff5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=3DG5%2fbYLWYdf9bkzvUnPKtTA%2fm2Q86il2xV7Co2yXbAWfjWkLjSjMr6boRwFM9gc; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416477&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Mkx%2f03GqrRNHYs6n4HpvlBN3w0zdXl96z3vnZMPGyleP1LClWImbKzuDYQsTkqiC; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_28198-18234
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416481&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416481&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416481&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=KoYX49NBNBI8VF3vW2YoStvHTx3J8sFkPyDcWmebSqR6IpPgPRJxM7LRu+4Bg1B3; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24912-10754
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416484&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416484&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416484&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=TqQLQmFkUZkkY7OJXTZm0Xd0eCmO2T3yak1rF8GmFDhhOPljfX8nJxjjz5E6+7Sc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27983-37458
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416459&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416459&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416459&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9StsPVweUO0%2fGenRdqoEb5IvQaRGBRS%2fm1e2318wvqqLSMwHwJld2ftXGrJAfHyJ; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24b9_VM-ARN-01cnE31_27980-22161
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.9 45 kB URL c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=YwluvD55iYAMfbdrXZ%2fcEw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416487&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_tk1biltcardlaunchrspv_smlpromo&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416487&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_tk1biltcardlaunchrspv_smlpromo&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416487&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_tk1biltcardlaunchrspv_smlpromo&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242364-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=oeWTSaMXc7+9uoSTVkeitAPo0fMuvlO1lmx7bj6UcthARbx9hzON89ZBDvcM3Jjg; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27980-22165
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26 16 kB URL static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=zGyTReUvWwuVVpEIULIcMw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.134.56200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416490&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=VoJG81GjqXwu%2fjS9zIJvaorgeuy2kOct+iVPuJ3Js%2fqCw2SQwqOtT4ghdekE6buL; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24756-18455
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32 20 kB URL c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=22sN4YMFevuePuLyLXBN1g%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.134.56200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416494&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=pdksRfb8z1x1Ce9ALTfiYlmhSPdJxDQvnu9qU+tiNZB305x3i0c7CT7rcqZGfuXc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_28198-18239
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32 14 kB URL c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=jfj8lEL4Oob7ibua4J9VRQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.134.56 175 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 222cb740997b9572016e61aa46127ab8
8333d7b0ab287b8f209c22e6418599de2a10b6b2
995016111c9f14d0a1d010df3c505cb81c3f558dc9178c7c21b330dcbd956e01
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------20094031832844111177135306962
Content-Length: 169
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CvVersion%7C5.2.0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Cwmj2tWimOtTenPnBEnCcGsM3HUtChlZm8pLnOyVj0PpPMtw+7LZ7F463EnBv4MH; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=4A7A35349C72613BFABE57126D0CC02A~-1~YAAQVZbvUBoynLyJAQAAtHk/xQqhH8erROGxIID7M0pLllGKyeCM6TMcCaCnn7GJNA7nK/yOd5wXh21k3/Mw2R+hPiBsC7xjjTkt07cgVm0uZgV0oQhVUeFuvOZwE1oWED3ZzSL2ZleUmZl4slglHz5faVms76EnP8ap5sneLHUJjlhriqVShtb6YxlQiIb3Bsj43ghcMTHp/BNieZokQOFIKl47ctjq+kJGHsAbkACd3J5uXSauYKhG+0WloBVKYhOkUaHVtLAV1FDB3GV8YFgNJaazz5dpnKydOAR8ky+gXIVxfbSRYNZtOaRwFTm7ePFg2HDkqaGsJuq5G3HjWi0QjvNZvWgo7FZjObPwTDgAHR49gcaQp84JMFGopkcD~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=822FF6D4FE9724B15CE34432E6E824DF~YAAQVZbvUBsynLyJAQAAtHk/xRTSqNm2nJLLY2x+MV4RVCtReN/74k3dpBD1wWB8Wb1MTSNv5Y3L5Kk28BwqE2yan2DU/oXmV4661YOgE78E6qcqnbTj4+tethxJSvrC9eIva3H+5gcC23Cy7hKCwqgQb/yYMq1DzZlrhSCA6+LWd5IFHZ+Sex88WYKXUSZx1VvksTrp/N5zY/fVBEAawE5m9IYHnFN5tMXf9DOvSkqCspPPllabapkh2SJkPZyrCYY7ZuqbRrelxD8ywyLvxrLLJnMNbMOvVBfXNoN1XxIMJ9c2i74l~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27983-37461
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.134.56200 OK 974 B URL POST HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 6513e6650c56d1d2121386d8a91132fb
16e09b2318b5439ef6dd383794833e372edfbcb9
0dd231a17ffddefdbfcde38f9f749b5be2fd7a2241177bfcb7c37353c141953b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 974
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-fb825ac3-57cc-45fe-8f9d-0ffaee717ddd' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:c0851d48-1ad7-43c5-bdbe-b04a5315fbf2; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:c0851d48-1ad7-43c5-bdbe-b04a5315fbf2|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:60; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=8D39265615B633A89C091CC48F08B390; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202308050330181695912665; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!MmgJ+yiKtfgB4akMntjHYqEj2JIOPKv0SkBvzBTEvR5zg2S3vu+c5SBKjhDoPtNpqnOi3pX+Be1Ss7g=; path=/; Httponly; Secure
DCID=wRXY4bDlHETrzH2INBNZeTu0FU0H%2fLUHn3hzX+G5jLH%2ffb%2fIpJJzsOKDEj%2f25BE+; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=C06913FC2B506047701B861D11F15971~-1~YAAQTpbvUKqi3LuJAQAA5Hk/xQod7aelJV9xwDiGDawgK/41rMf36uPeIgLOtnBqxb2jwmSw3QiXCa+0rSiOrBISqvQXKunifNSGA5c2iO2VU+HCLcLkCpacb5GvEKNIaOVW6pd/0WzLS6T4/mMlj2GswwiooyUoiU0R7Ptu+oBT4mN8DAMMod9t+SQkWrOZZ05AWTm3Fehgq8PoBswrlgUqy0tqmAYHcVLGaYb/0KDen2xPRE/uCEDDJwukiwloDVXueSB9pI+rLn6kJBAzSaNYptpNo2xihcxcCIyYifhPaJDjTnSfyIocvGJbCe9x/nPrpMdAmafURvmlXfgkotV9r6nXNoJAN1HP5JSkorxPRvPwHmJ5eDeFUZkUV7fP~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=7CB387A3B69EEA6599F72FDC9626EF7F~YAAQTpbvUKui3LuJAQAA5Hk/xRTKO26SuyMcNMlphC8F/DlHpCA9vFgoy3qxfJfjZDh9yenZIuDiw10pjCxppeXZcbiAt7t6h0UIKOzIdMIPI2YGPboap+p1sImGVdZ+0xPaVQlbPhJ35iICi4ZNKx0wDvtiHFb+h2DAWuqDIiCDbZFhWUa9itjjFBJFnK5tEqDP5XVpzhyqzIzD6aFQIa7sn6N1FrnWnO6XoKPvTuTwHRt1/4LnC7mG3lhPaO9F0VX20LBF3mwqLsc3Ckolwu7JCDM+6srd/sOsG/xa3KUuZr5lh/ub~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27980-22168
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.134.56200 OK 966 B URL POST HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Hash 3cc5da33d7c89002d0bbc5c47d9efe8c
bc5a610481fceba2451345d4f2dbff9b7f0ac27c
043a8cb72f2d1a32919e19d4363b0789381f7114696cb8e6735bd7a4714e3edf
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 966
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-66cba0be-a6c7-40be-97f4-913c06700436' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:20fc340f-42bc-42ea-b3ce-76e69a64aecf; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:20fc340f-42bc-42ea-b3ce-76e69a64aecf|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:54; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=2D99377F52908A857A2A607302D88446; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230805033018889417941; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!D0rKh9ez+qS7dNoMntjHYqEj2JIOPE2lXtsR3EQzf7sgKE6aNGolffWvBTf4UvRWlicIo6pj1LhS184=; path=/; Httponly; Secure
DCID=Lk9RS3Z%2f9bEmA0tP04DSmHjLae4xZ%2f8gJtyJE%2fB4scu+2js3RNCEaorLMJ63kObm; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=46C29B47D24864A133301208A0291D66~-1~YAAQVZbvUCMynLyJAQAA83k/xQq2mxTEfLPMIJYgwcrG1cZF6mP2KbnezJj8CWuJ/0DA7amdjn0at5k9Fl6sMCcivrtTCpuYWONIi7Dt9WwMWPdwZPgHUqO975rlnLO0nYwqoxU9GJrt7BXwqr1DBog/GSw8plw3UGi8Kulsx56AU5VokuPlSNNmwUNEHdW5zZvjd4OiIb+dwIby0Yv2Rz1Hnqf6+KkMS/2oa1YhVY/LMURfmRKZKZ+KMX85jOTfgF38XYWIFURCGaktf/OG6XhM+KF5OIwpqkNfHSeVfFblR+1kpEHFCHUWJHphyxWuUR+gy1y2qk25BUdWZQItlz7wThYKomayaYkk5jucJ6JEIjXQ6Fw7HKDIX9hGcCG4~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Max-Age=31536000; Secure
bm_sz=DAF84FD8E3BFC305AADF380D59464DAB~YAAQVZbvUCQynLyJAQAA83k/xRTx9ZzZeVUDs9zcWvnXcX4NH5GYfeMaom9Y2obwk6Pb6Og2ayV6QkeEvgMWmQpFbV4VyZN1ZEQYIJYkdnSkGvAnDrxhTZYPS+B70f51sUrVcZqcINh2uDgESjMouyc960KM/+tWHZs+xw5zk2fKacSak5rvqbqDo7dKlYlSjw228wYtQJR9VdOkw44+bQBMrChdIN7mmBeQgqLKQCAvmS/f2zcmB/gtw00i+BZT65h3HlNzOUNMl+G7uuH8l7sNnag5icWNUY4DBngru38fPuXm2jgA~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_27980-22169
www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416496&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.134.56 43 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416496&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--d649329d48d6c.wsipv6.com%2F&cb=1691231416496&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Fri, 04 Aug 2023 10:30:18 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=UlEcqlFVC%2fIDw%2f9nO6Ap6Kl4ffrATZW1PIgHhiq4CjHf8drJXArrtdgrL6VWWjaY; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24912-10759
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32 1.3 kB URL c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yTWFbcRxgeOXxJLH476fNg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5%3A0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pv=2&f_cls_s=true
23.36.79.18200 OK 1.0 kB URL GET HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5%3A0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pv=2&f_cls_s=true
IP 23.36.79.18:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4264), with no line terminators
Hash 0a3de1fc6e459863851ae3073c903407
ae7dd2ee0b1fedb980d9504bce8df3f266193b0e
bc80bb07b77b4f492f5d02984c16bbc07d7ea019ea49ccc0000ec1ede25419cd
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5%3A0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1042
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:18 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=c31911bd; Secure; SameSite=None;HttpOnly;Secure
_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; Secure; SameSite=None;HttpOnly;Secure
_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!Ko5x65vgkP/SzUnpnNE5eVRfS7HzYxotOTF6pxGEqJ2bTcCDTsZ9GCtvCAE1D6pmoNA445Z2KiJ8zA==; path=/; Httponly; Secure
DCID=8R7KRBTpUWYMYlCcUxXUXnwvypGCyjxPLBj+7eIrFXaehYdDHxpVOjRySAy9GU+s; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.134.56200 OK 970 B URL POST HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2438), with no line terminators
Hash 988db0af8d9a8aafbd8bd703c2a5a4ba
c9ad5a892ed054b084ea07fb69f578a0aeadb3f8
dbfef2a537f87900256a1e776a49ce0cf5d88fbe6acf3a0b8cc0878fc9bca38e
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:19 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-4a083659-75be-4d1a-b8b6-1d552052825a' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:a90b1c45-9641-409e-a6de-472167e87ea0; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:a90b1c45-9641-409e-a6de-472167e87ea0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:69; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=EFAE568E3CDAE6B65F5ECFDBC1A1A404; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230805033018531659355; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!tb8Kt/jKN5twx28MntjHYqEj2JIOPKmjdW69oWqwKV7BarVo5dqMRfFUN96s4UzqbAiWBNewxL2AqzE=; path=/; Httponly; Secure
DCID=Q4dYdrDbZ%2fAqP1emH%2fVUHD0o6ba+OosCL5hqiG+8tEkVBqyQ5vnD+MGyv4Ux29fc; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=C709143BF69B36BEEF1D024A9CB5A027~-1~YAAQVZbvUCsynLyJAQAAhHo/xQqUXLpOvxrnqDr9aYIl9gjF4hVzp8GTwwhzEQIOqUWfqcUioQ84qp0JajSMUz4m/5jBOz2+4fHVHVF2G50MUxrxBkZUQZO/hQ1A+lFadSJxWktqKnCTify68PJqXRhk//Ws28iDWf4OEWT0kbsUkxvJD050HpXiktE+EqBXTKnxDoeasWx+NkhCSziAr7WPpfLCUQe4V9SxaU9fO0ug+A2Ilq/u60ncho8HFuW02K/fVTIl/IFX6Rphg18o4m8gBlC1Kr6A99ABZhQdPDAnKK9EMIRIPk9u/TQJeFSOX7ZXMEKlWwrEdjG2oXf+wbtAnDXNxCugCHNtWTeJ59TKERS/hXhmDYIvC4R0EJ4u~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:19 GMT; Max-Age=31536000; Secure
bm_sz=2845B805366B4D98DC7394B03735B098~YAAQVZbvUCwynLyJAQAAhHo/xRTpxPl+cGvOw50GicLoRO9UvrAdUOAoQqb+PrJuxWry6iRJVL0umaEUa++VCzkq2/F8pk6KKgvRCtwoW2c8TntZiOBdEx276/elXrKHbVBBZx6tmjMJjedihIzV8Q2M4ECZg/IUt63mOPJgr6+yHt0U4DaDJ1yYcQceg3y+WneWhGF1cvFYKcrl/74BdG1cDt9m7xAywTx5Npinfbxo8+l+WLkeqbjWdkZzBAwLv6L/iS+91Ln4KjO+tM1acdRcD30e+OKvx9EokwMYS1CSTPewBwha~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01XDr43_24756-18459
www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.134.56200 OK 969 B URL POST HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2437), with no line terminators
Hash 665fe9448492418abcd46d180117d46c
1ea365cfb1ad6b42ea7656a32d66e2d5bf7bf9cc
67d5ac116e8ccc63c130a790b70395457332c551bac00472d09962db92f08e52
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:100; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:1$_ss:1$_st:1691233216280$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:19 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 969
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-76a45a02-e4f2-4440-bde1-4590de643804' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:31b2664b-d777-4c2b-bfde-2f36bfe1d9f0|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:100; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:64; Expires=Sat, 05 Aug 2023 10:30:48 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=8519DD13590A6509BFFC8A649180BDD8; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sun, 04 Aug 2024 10:30:18 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202308050330181487568248; domain=.wellsfargo.com; path=/; expires=2 Aug 2033 10:30:18 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!uXrNF+FWaiBXN5sMntjHYqEj2JIOPHw4E7R4zCQRpCwbvjHmXhrf1YA0jsXmwf7GIz2jgZwIUbi4hm0=; path=/; Httponly; Secure
DCID=Ov0YVn+ixaPFJfYA76fzozAmruD%2f6TxHVFnHYs1aFKoPspY2C3WTvG8Dan3%2fZUJa; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
_abck=833327FCBD3A41C0BC412197380B99BB~-1~YAAQTpbvULCi3LuJAQAApHo/xQrumBj4Bjiwpz33+Gix3HFmyFi/32lE4iAELX4XSWNo3omOUuPWgD3oxqf8m62x7NL665/zzHMRNVoXZPNff/AtVXYu7LYC3hXyjujLYPgO5wJkRaNsq8USzGW6Vz5+esStR1S6Pf4rwPMZzHTzKRVLbX5CEi7t+m37ANPw2pU/+h11oqdUIgLyaFPVwUjjg+S7oEF6SmbVOEtNTifvKAMHrWYCKVxs5VrjdafxDLbsdlctBXhkdUg95FzsD4g4oW9TAz/GAxqGdKGFvgT0jWK0tzlJ6n8qMdg/pb6fdEhPxBYqn3RbhtTcatKvvjQ+1oEOoehLUclV3smWsEa4p3gltRGttlh2cvZ14C8o~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:19 GMT; Max-Age=31536000; Secure
bm_sz=2E6A352FBFB16CA96DC4AB45C198DB08~YAAQTpbvULGi3LuJAQAApHo/xRSttxa/1pGveon/qWYylcZBgW5EjAQllxjtnpKHktQv7ApAabUUvLTxcs2M3nd8LyReqh/+3QPWzofv0mQzwdGjiaw7v8L2wOYswa4X0uDxsu4sL5iAFmj9N8+Ne+W+zy0J9n+e22OcTT5ZjhOcsc/hMlaeiR4gNxEPbc/XLUnUorDjLw0CwMl48ab3jDa+GIHnGUaqhGEm5bloN/XAVaHURjGaemtg7hnpSkwz+eM+3DomMCJX/LsP6KrPkpHXpmdkk3Vny6VydqPz/eiixqZb+J99~3289649~3163206; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:18 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24ba_VM-ARN-01cnE31_28198-18241
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.24 152 kB URL connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 152 kB (151908 bytes)
Hash 10e4c9b8cb6d1b9b01139293788df5e9
40b0f9473b0f0ba1eaf4eacbdf0433efbda73aea
f3dd8735950dd65aa073b7fadd451a227c3856425042c3f5fdb4a09b0980544c
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"649daaaa-f4e"
Last-Modified: Thu, 29 Jun 2023 16:00:42 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 05 Aug 2023 10:30:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A8t3P8WJAQAANkdH0rJj9GaiMxsN3YALSZtruzBbqu3K-M9sj49oqyJiUh7aAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|80564de810e1904998a21408164bd0804ce6acab; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=JimrVCEF8XpgDCXYckt06VsPP44HBY%2fgx9SwCjQAD3KhpN7C3hqe8FsUxeVJJjvb; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:18 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ort.wellsfargo.com/securereporting/reporting/v1/csp
23.36.79.25 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3083
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: 694fbe9b-6496-4a62-4963-ec0e240b37f4
X-Xss-Protection: 1; mode=block
Date: Sat, 05 Aug 2023 10:30:19 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:a127d1c6-3741-440f-9871-21bed70bb80f; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:a127d1c6-3741-440f-9871-21bed70bb80f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Sat, 05 Aug 2023 10:30:49 GMT; Path=/; Secure
DCID=VsZKcZ1H8wJ6mSiITv5%2fiBHDJ6Rwhha%2f2IjM2NF5wbuVsS9bcKyZvGuEUA2R5BzE; Domain=ort.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:19 GMT;Httponly; Secure
_abck=4B7D694E3955D6CEDBCFCFBA645B4A05~-1~YAAQFU8kF3KkJrWJAQAAOns/xQpHaycmlS0eEeqGZAuXfC+7hW5u67tV3xVWfEpwR4bVY628cyQy5+XggALBHgCQjRQe0RIhTB8GHlQb97BaNz3lVqQQsbnr95iLuX0qNN4ohmtVV2/sKd5nZv03TjWtB4eWkq1Buf3HiBdkpANaNCtKBtkFJx2UBi2W5bfJw6VTnmx7s7Q12vk8wwPKrz6awkRwuJ3dl9mpvHFN2mBUcFFbagIDnyk1bzwNmBQLYrTqAsT4IInfHTz8+IaLlrMDphOd2VmeZERgDsKDSmaFc7XhzCU3KORwwuZFi2/FcdUXs6L/tKJpNQOznj7aBfty5tW8p+2NF9QfO/vShXKUx/q7ME4WzuNKTMdvk1q/~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:19 GMT; Max-Age=31536000; Secure
bm_sz=2607DBF58FE19702A70E20BF8C0DAFFC~YAAQFU8kF3OkJrWJAQAAOns/xRSU9eYQyt3XX39jMjRxydDR1NYOQjOX0XGMoBGHl9kVNvPbuure4ozw0obyGoZ+u0LSF8gBZCIAPxj8E8ElYkyAcGvCnn8HeF6Is90NdM6xNh8XZuBiO5jWym+KAFrD54p8G0UHsV9L4vlbl6BCeVqIMVC5cgb/KQMYUC7yDvIWo53v49iv/izeHiAOJa4eJ2+elWWgEBOdtBMw6+1MfnzY+FhkDlhU79Gf69+sMAsVmVreS/lsSYED2Z5/jWKli0cQc4PBh/gjtzn0aIPGrRIzF/jv~4605505~3420739; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:19 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.24 607 B URL connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 29 Jun 2023 15:53:03 GMT
Vary: Accept-Encoding
ETag: W/"649da8df-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sat, 05 Aug 2023 10:30:19 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=JH6YivQHCVdJzSwa6JH35+S+0hSMVTWx+krjKAjHS6A%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:19 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/jenny/nd
23.36.79.24 18 kB URL connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.24:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash fabd69acad9198d99b681a1c76b97a61
95d0306f68de42da077d330d8bea8ce0a347d52c
b7218dd742456f2a2a46ef91b8d193f2c8f53bce46deafefbf7fc46df1007089
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 18049
Date: Sat, 05 Aug 2023 10:30:20 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:96ae62ed-87dc-48cc-ac56-89a89c374432; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:96ae62ed-87dc-48cc-ac56-89a89c374432|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
SameSite=None; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:2; Expires=Sat, 05 Aug 2023 10:30:50 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=Q9wXRYwdDZ4cyUmL3XPhnOIaWWO2Qa11%2fWD5%2fY9vScQyqCkag+Za0oKOaIoufD%2f2; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:20 GMT;Httponly; Secure
_abck=2EE1053C1B99A274E38F3D11B1806B74~-1~YAAQFE8kF8MQC7uJAQAAIH8/xQr3QFDlZoqR4ecuLmh7LAiw0ovduX3VWkEzjZjhUkkVWF5xD+UWa2JIIfgAMMFbBNyNUZIw2+ufBl70Lev3e4iIKcwDY+P1DUGAT3LULg3Gh/fjlFoItCtdyIx17mlFoQLexSb5/xvdvht3uCxhIbckjPml2prq6k3eGnO61cOVk8+7IH8NsP8vKl276sXNJaymVAcPkvFoiYumzwHBt+62EWMF6w1glT4fKrfjprdQSxQVBx7yrqNf1hDJv8Qd8SGtpgqbsdmVICe4g2nRsEqiY4xl/9FzFSWzz9T32ysQuf6NxFRDdpuwtOKbGwfa/ewclNa5pFoO8lL/eu4ABn4w6/I9ISqjFWdNY0Qy~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:20 GMT; Max-Age=31536000; Secure
bm_sz=1698C9BEA7E6E942EEB582C2C83545B4~YAAQFE8kF8QQC7uJAQAAIH8/xRSN1IddBp/Zp4Ov22ojx4aloz6LiUdxtDwzVRri2HC4JEigx1N7iPFhCyaBVuIQFuDFfnIYJMYLQ9Y6WFu06/NQZRZOnKDtDLXOiv0RfWsKtAxnW1X5vsn54uQljoI/If/dtra9aWA0bNkvuJj8aoDtp89gP9RO6uBzJadFhh7snOcH602384ndoccyq+FcihS+UJAJAWY4lnjpILZu6PZDbctY1zT6CsMWUlDuHpFtwQDofKAKjmtF1YhA0+ri/SuzyGpA0XYHYceAQhEaUTJ3T7uS~3487541~4407619; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:19 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.134.56 134 B URL www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.134.56:0
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 792ff569cfae41886213c9ff5823884e
fc7a73a874df458e0bf6691d4f150d6222732b50
2fe42ed1f9b4779c04096d908c652fe0c5bbac5cef67f1ec3560e210e09d9d55
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2048
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:2$_ss:0$_st:1691233216787$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%2C%22_s%22%3A%22RhtYaJZE%22%2C%22c%22%3A%22OUt1QTdxVmNuU2ltTEVsQw%3D%3DX6Nv1Qc1fWgGizUeeeMwf8gPqVRSsYpZkoZnWgrvHY7hger_3y05DfRsFbsQoKtyoIGZ82ZZwvJCVzUTAap-MAjDdmzh-NkSZH8%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!uXrNF+FWaiBXN5sMntjHYqEj2JIOPHw4E7R4zCQRpCwbvjHmXhrf1YA0jsXmwf7GIz2jgZwIUbi4hm0=; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0; _gcl_au=1.1.153719203.1691231417; _ga=GA1.2.943158742.1691231418; _gid=GA1.2.636550239.1691231418; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:64
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=9nxaYPoXfyJmd+qUKsOPs1J6XysxQ+Tzo8syhZe57hs%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:20 GMT;Httponly; Secure
_abck=7135D806F49C559C54D553D2992C11AA~-1~YAAQTpbvUMGi3LuJAQAASH8/xQoWBfcfZsDBoiG6OzDOHIJg717QyDaCpQZSDpNR4AMVnsVgWIEXtufgkguZY9DxdtX3m3Uvl5pir+6MevkvDoQAeAiLp8OL+dkMLBqylBp/3diPk04oMHCUVz4bSi3l/SZIRD7W8huKlOirfFZrsuxwoD2I4OSo+cmqBd4EvsnE8qk+Ey0Sf4uwrA+nhJ5jK3XaEjjixneI7eAeHY70LmkITA8zrnc8joPvGJEQw+WZ+SsFsZGYIIIQ5PpUuQQ+OF2v99HgHL17OT4oUpBH4ttYn3WbvnfbZGRmJ4Y+qdiZbdZyTt4wjw0t/0qh1GHS5UrcAl4MHRDXXsboDHOvkcossMUYCZezfqlfEJue~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:20 GMT; Max-Age=31536000; Secure
bm_sz=69B696CF896CAD96207729BBDDCCB1F9~YAAQTpbvUMKi3LuJAQAASH8/xRTlcqkvMJyciM7ku6oHnQR9Ti73tFHUUnzbNWehI94jTs/UhcTXWoSM1oHxJQgNPtqIUAIzVfOAo9S5D3eq/nldhs2zng0OdG8+HhEvVo8QuuotBmlP5nPHa7q3dxpcnQjSeBacxCVq6dUULxozp86xsM8ck7jdhysmO2K5xw/Z/d0yjNRmsNZ94iT8j9PGC5u9UkuQ9nco3KduqXYwz9yZg2MwQ2VoCYeZrH7awIvDDyhQoTg00D/MKGOX2UmOFVhHd4njnujBBBexD6yI0jSYqF6m~4405552~3487800; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:19 GMT; Max-Age=14399
X-Via: 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24bb_VM-ARN-01cnE31_27983-37481
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
44.241.221.162 265 B URL pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 44.241.221.162:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 2abdb73627a12ed54ad7a19198f2430b
06cdf01a4d8dfde075e986138e5fc0c725189f48
bfcc421a9df20e6146865e9d65546d0c1a137639192c021a502ca81cf0b29dc9
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 11573
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 05 Aug 2023 10:30:20 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:758c0660-b3ca-4b77-8abb-1e10b2bf8a1d; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
ADRUM_BTa=R:55|g:758c0660-b3ca-4b77-8abb-1e10b2bf8a1d|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:1; Path=/; Expires=Sat, 05-Aug-2023 10:30:50 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536010; includeSubDomains
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.134.56200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--d649329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.134.56:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint86:17:0A:A6:F6:21:B9:DF:71:17:35:00:88:C8:2A:44:FF:96:E3:3D
ValidityWed, 12 Jul 2023 00:00:00 GMT - Tue, 30 Jul 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish phishing Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--d649329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!htsOJeqgblHz4qqs0q/LsATxthJGHuQ/pIJXrJhsytdSwOfUCEXJgIgEx8sP6z5GQ8n1Okw6oDeCDw==; utag_main=v_id:0189c53f6fd800167dd60f2d7adc05046003700900918$_sn:1$_se:2$_ss:0$_st:1691233216787$ses_id:1691231416280%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DTYyYYgt2y%2FG8CmqtBqni%2FRkJq3d%2BgKb50YT%2BxWlpag%3D%22%2C%22_s%22%3A%22RhtYaJZE7CrPUQPX5gQRmX7%2B%22%2C%22c%22%3A%22OUt1QTdxVmNuU2ltTEVsQw%3D%3DX6Nv1Qc1fWgGizUeeeMwf8gPqVRSsYpZkoZnWgrvHY7hger_3y05DfRsFbsQoKtyoIGZ82ZZwvJCVzUTAap-MAjDdmzh-NkSZH8%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AbwkzmQAAAAAqXBWD5n0EfFH0BY7rZYQ%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22alWL3wBgy-7gOMmdC8pZ1A%3D%3D5z_DAf2DzcmqZwDA35eZKEDK4nICWUAzdsXGNGEVOpdGOgxNHkx9aa30HncXqAACQRfvSUPHFVIKfaAgamFJo3sT_YgcXUQS5r3rKNLk9eQt8-g6O2nZGc36A4YGr-baNzF8niOPnp8iQmiYvmdIGMC_1d3MoMIXzs5_e1TpdZDndcLjDtCc7jqC%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VfB%2FeZ7hmi1nUL8E4%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C81449951351949728815155355947144261027%7CMCOPTOUT-1691238616s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; ISD_WCM_COOKIE=!uXrNF+FWaiBXN5sMntjHYqEj2JIOPHw4E7R4zCQRpCwbvjHmXhrf1YA0jsXmwf7GIz2jgZwIUbi4hm0=; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0; _gcl_au=1.1.153719203.1691231417; _ga=GA1.2.943158742.1691231418; _gid=GA1.2.636550239.1691231418; _gat_gtag_UA_107148943_1=1; ADRUM_BTa=R:27|g:6af3f1bf-f2ba-4fd1-b88f-8e0b2f9c7419|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:64; ndsid=ndsa08grcaem2zvrlkxviqlj; _imp_di_pc_=AbwkzmQAAAAAqXBWD5n0EfFH0BY7rZYQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Aug 2023 10:30:27 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=AvjWu4qW61OlleUPzNNUAmPWK6E7gq8QVzJTaVhqBsGsa7IKVuJnPD9ARL+YD6fq; Domain=www.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:27 GMT;Httponly; Secure
_abck=FB6571CD78DA4F20473D744991286E7A~-1~YAAQTpbvUAej3LuJAQAAcJ0/xQruMIJrXvqJpa1nJFJm6Gaw/S7pGaGcD9f0rG0HwZwBuWscm29iNBABNsZexsx4T97OxVXYxi8v7NGNKLk8YkZRbE1czbktJGSfrsvKM7ndT6lTQuNRuOaOjUV2Aw0+HLvPlBStRlF678mjdxaxZBQVlXq8QmzgZs1gEGS/+objtjRrdIsBFQEiuIRkOQG4fexU0Yc/fzs1SkISXAOKP9eS1vqLDHzt8HOeLrV1FCo1mUtyGPADMwlKwc98r94SaNaBlKWj8O22hl+6C3RZPxswAdmUX1YQGYTH6hM5BeUd3pyw3gj0GXLUoHkcy1hGGhvjGyQUG0nL74NQk6AyCxkDdBsmk/CUPnXYCEtl~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sun, 04 Aug 2024 10:30:27 GMT; Max-Age=31536000; Secure
bm_sz=C306C9E528A488D7D0E3B4B8277770DD~YAAQTpbvUAij3LuJAQAAcJ0/xRSKAAMenL2+MnLEEhzILjnikleI6NUia/uJSrtIJhdbfaYYTxpGApzaQO9Qaf8YMv0QY9Uea/F9tR/Mq6V3eM0EAsSo6jdqKJqCfzIL3w1KChoUSux+IOx3blro3FwDb7KLa9zUo68kVe6vKXmf9qNuC4C6vcg7YK/lC9CRgbcEW1ubdeRt7fkldmjSigeEt7L9hguNuMmglDaI/4SNXiEq4WacrGafgwZgPJn9vETaa5uLb2ypdkb9N3KhtXNrJ8W7wxp9pstzY8dcUhR0prJoI945~3556151~4534596; Domain=.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 14:30:27 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 64ce24c3_VM-ARN-01cnE31_27983-37582
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=1&cfg&pv=2&aid=
23.36.79.18 1.0 kB URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=1&cfg&pv=2&aid=
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4264), with no line terminators
Hash 0a3de1fc6e459863851ae3073c903407
ae7dd2ee0b1fedb980d9504bce8df3f266193b0e
bc80bb07b77b4f492f5d02984c16bbc07d7ea019ea49ccc0000ec1ede25419cd
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2802
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=c31911bd; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1042
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=c31911bd; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!sw/0m492wwLkMLnpnNE5eVRfS7HzY3kHVQSyRSa//QwfhcdFk2znRgZ6a0KH7AgX9uv/Fh/Se1IJYA==; path=/; Httponly; Secure
DCID=%2fBTQ+QH+QCQrV7HCSsUpuuOBndL3F197O7LXLWcCa7abUKWa4ksc1AV5TyuSTE0y; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=2&cfg&pv=2&aid=
23.36.79.9 1.0 kB URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=2&cfg&pv=2&aid=
IP 23.36.79.9:0
ASN #20940 Akamai International B.V.
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4264), with no line terminators
Hash 0a3de1fc6e459863851ae3073c903407
ae7dd2ee0b1fedb980d9504bce8df3f266193b0e
bc80bb07b77b4f492f5d02984c16bbc07d7ea019ea49ccc0000ec1ede25419cd
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=2&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34417
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=c31911bd; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1042
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:29 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=c31911bd; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!OHZ3/7+8vCDWLyR54TfMmyz5FQ342d7fLqwlg6AShVjFgarziAK5sBNG/cPtgip9ZBFsbn2bb3Z2Iow=; path=/; Httponly; Secure
DCID=6xOFEgLx9qf8EZKmI1E4FM7UzX7mCrkpUtmu0gL5qLs%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=3&cfg=c31911bd&pv=2&aid=
23.36.79.18 163 B URL rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=3&cfg=c31911bd&pv=2&aid=
IP 23.36.79.18:0
ASN #20940 Akamai International B.V.
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 0b6b0fc93eb33fc21c54360f02f227a8
98b1693d6422093d03c60a8b0a9980d958507356
ebc5094392501fc48f5f86506101a03378945208b9fe42adc003f4b42668a159
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0&_cls_v=53ffcf32-88c7-487e-858d-b712f3828a78&pid=a05a020f-95de-4880-a9a5-01f0b6a72321&sn=3&cfg=c31911bd&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 11437
Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=c31911bd; _cls_v=53ffcf32-88c7-487e-858d-b712f3828a78; _cls_s=b8332ff7-7e09-4786-9fda-dff8388fa0d5:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 163
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sat, 05 Aug 2023 10:30:29 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!HPjko885Cdiq8isq/D2JHXmrrcNtC+UMYtRRZ6+3jzS4ZO5jO+zGbsDVXnPvAk0+kWEafkJOTyuD2w==; path=/; Httponly; Secure
DCID=M3Gw2LyiZZQfhyUdIZTbZOpLMNH3mPrFRWdb7H+BNpKdosyqDXju+ZZ95jZwui8E; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sat, 05 Aug 2023 10:45:29 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
44.241.221.162200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 44.241.221.162:443
Requested by https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintD1:05:1E:84:AD:7B:48:5B:E9:4C:78:9A:8B:60:B4:3D:FA:93:A8:DE
ValidityWed, 14 Jun 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--d649329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 05 Aug 2023 10:30:20 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536010; includeSubDomains
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2