ocsp.dcocsp.cn/
47.246.44.229 471 B IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3d25d4accc054841904c210030f2765b
5586a01c7f26c3f1b55ffe41fe5ae219492a5334
733dd1e500076a819ae487f05161dd050d436d49a72c1d11e5c58760ef008bcf
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Fri, 02 Jun 2023 10:49:47 GMT
Ali-Swift-Global-Savetime: 1685702987
Via: cache21.l2de2[5,5,200-0,M], cache11.l2de2[7,0], cache2.se1[0,0,200-0,H], cache2.se1[1,0]
Age: 839
X-Cache: HIT TCP_MEM_HIT dirn:3:166987796
X-Swift-SaveTime: Fri, 02 Jun 2023 10:49:47 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62c9616857038269334354e
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
163.171.132.220200 OK 19 kB URL User Request GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash 0517841619a4c1b6dbf922fa55ce701e
0d5976ec4a480a2fb48ee9b1a95fb3a5ac50b67e
a3eecc26bc195e0cb6fe4f71adb98a7c53611cb0561c5cc32c291a8097c782f2
Analyzer Verdict Alert openphish Wells Fargo & Company
GET / HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:47 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 18840
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-6f72d183-2ebf-4c01-8e50-c72d6c355b36' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Language: en-US
X-Akamai-Transformed: 9 18772 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:80; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202306020403471867562096; domain=.wellsfargo.com; path=/; expires=30 May 2033 11:03:47 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; path=/; Httponly; Secure
DCID=qmrY7cGYRQ6OsbG6SWWiJNOp9kpShbPla32lFs9O+Eg%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:47 GMT;Httponly; Secure
_abck=80BBC93769DFF6EEF5CD06DA7F5FCDEE~-1~YAAQ4KDVFzFBuXiIAQAAYh/Hewm1TeCRlMGa+YpnT3hWM5C6rBg765q6w14U3kxQA2RXy2fpT1amyok/L0Cee3Ub432UNo3DLm353Ux63eU0Cr3MVW05EaSaXGD06ijH/yA4yR8ifGLcUKfPAPcEUCcPB++3OQqVvesZGWlPs65CZyB9aXixO0JsnBC0sGuz8rZHBRNt8D18Y2b6W+JjjP1osZF5lmQANOvYsJMBmcax8Hs0AOPolITRYBIF/qfohx3Az4kaRhIKJkRGCOZWBJzoPMcLoUL5qmHIZ+4VA8tJvwzp74gzrtjqNlE76l5vsfWiNxAoCzffImbZMonHqeD0AfO05mn0e2EbZ8nLLyNRRbuUzeSboA4B3LycgSRv~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:47 GMT; Max-Age=31536000; Secure
bm_sz=B59C362C7AB1CF1DD6B0A39C14D9E541~YAAQ4KDVFzJBuXiIAQAAYh/HexNKdCJ724kmiJhd71MEfMRUngo6eHnjm03i7KBl4w918L0cMIS9gFBai1Fd4H8rCvFIglMP6hjXwofk12rPBj4Ow4jSI7/wuGGVwUlB35US7XssbK4wuzvVJ6hJ1CJhfDSO2zXY+ymi8bkMRynxw9eGrBF0Xkbdl8ms7eN5FBuKvt9qKqWJ7v0GiJCNRN7SbR0y/njt4MlCXnWuA2zuhZO+y1xTCtGD4chPf9EOasumpOoDhmBhC00ik86NdPvbyC3iloXeFXkTsqtzl4N9m2i05zbx~3293746~4539698; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:46 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:6 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc92_kf175_11844-57667
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (45298)
Hash 308e427d5e59a148900bf524ecd5829a
73baa209d84f2d15c88606b28280d2121efd878c
c15cbdeb4d6f20c36afa165203fc74d9ee00c6d77954971b0e1ba2e5ec222b07
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 07 Mar 2023 21:05:06 GMT
Vary: Accept-Encoding
ETag: W/"6407a702-b125"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15731
Date: Fri, 02 Jun 2023 11:03:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+s+7TtuapsT2EQmzEhkIRQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/choice-privileges-card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 723ea3757b670b62e78a271262f7a226
0eaa5d0a1bde4446a39f3d9c60a2719581c38837
ce9903039a68a570fa3787c621e9ea79efd40f4b24afd194c4025d085d48abed
GET /assets/images/rwd/choice-privileges-card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64396a1c-1f52"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 1441
content-type: image/avif
cache-control: private, no-transform, max-age=1175048
expires: Fri, 16 Jun 2023 01:27:55 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
23.36.79.26200 OK 901 B URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (1952), with no line terminators
Hash e7cf4c458b327ab7ed31e0936ccd404f
970bf05073f91ad6b8f21521f7c9886f71f2af1d
52b687a685d2239142be0db5335c5710951ba8c2b39a44431a40f156b4d9312d
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Fri, 02 Jun 2023 11:03:47 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=mCe6g1QYufvyjD1n+eHI2Q%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash c939da49d435a33b6da79639dd7b449e
b5c908f157d240c4b78f1e7a6c0808aa898c9c23
60088561eb43fca42fc2f9c996af43347355642872eabfa97a943d2f28ee474d
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61bcfcce-10c2"
last-modified: Thu, 20 Apr 2023 01:30:26 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1712
content-type: image/webp
cache-control: private, no-transform, max-age=1175077
expires: Fri, 16 Jun 2023 01:28:24 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
104.110.27.78200 OK 26 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 1f8dadb2c78b667abbb3e1869fb823fd
7ac507de2102b9198b6590d339ed4ebbe5a4db27
c19b0b9b383a1efa5a50fe1c6e48fa46e03512e47666e17cfab1c7bb77c182ef
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "62057fd1-14ef3"
last-modified: Thu, 20 Apr 2023 01:31:58 GMT
server: Akamai Image Manager
x-serial: 1294
x-check-cacheable: YES
content-length: 25648
content-type: image/avif
cache-control: private, no-transform, max-age=1175237
expires: Fri, 16 Jun 2023 01:31:04 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
163.171.132.220200 OK 19 kB URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (33363), with NEL line terminators
Hash 1f9ca16f9fc2bfd6185aa57f8e9e1996
9a32e9cd41b9f7e4ebf0cb2364a333414f1f3e52
f1f5d2d31133a2c5bd964ef6422e45e1d1c5741d98b605d6a2cbf7257092d1ab
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 19159
Connection: keep-alive
Expires: Fri, 02 Jun 2023 11:33:47 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: W/"643eb502-e805"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:0 (Cdn Cache Server V2.0), 1.1 kf175:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11914-30714
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 77 kB URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash 3b2227177307401f0ad66f16a01dfd5e
098aee523bc90b9abd2658dc3cad2b8d984c148c
f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:47 GMT
Content-Type: application/javascript
Content-Length: 76583
Connection: keep-alive
Stored-Attribute-Sha-Checksum: f9fce767b48efa5ba940f180d7210d6f9d5c1569743951fb756e574c8e8ce86e
Last-Modified: Wed, 26 Apr 2023 15:12:23 GMT
ETag: "5b8f9de7319f5214c46d203ee7c78f9bf749d0b7eaa059e3b1056741a3d903ac"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=djv6umU57V%2f01UOMV8OeYA%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=342AF7C7F2B2B3AE3872921DDA3B67C7~-1~YAAQ2qDVF+5tmDmIAQAA1CDHewnvKxjRGzz0uwnxrgkRUfWSZwFhKdgIClYNpmGSOOX5FRDHFtHU+bL9F6EGestSWXlCQ58qq4dpdPRPLcOZ0Rh0kQwH11vybmRS4V3ezIjsR+JWfCMPMqhOdsYFCNkCEO5fFd+pJIfwcv+/kVUAjR5vt/Z5QZz82aDvyco7P0sI6BKUE9Mp6jzqnHETUfWRjhZhWom/r96qYeshCy1+wNimd59FgBfarUH5poGqiQbR8dXziBDiTgUayCwMxUGN8AM4fJarc2UH0lUuE9T9rQLL/Ex6pCMwnpVd3UB4EG+OFA0HkZ65/Pl2bb8NY+7fiKOIez1DbihOyRvdVROGXnFzXAPzIDjYpSrbWZWs~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:47 GMT; Max-Age=31536000; Secure
bm_sz=639C56E1758FC2A90E11E0C3454A7D52~YAAQ2qDVF+9tmDmIAQAA1CDHexOPi6ivLa85C+YG45pvlKHRPIkTK3M7X1wfW4hIMOsUJIugNy015HLYY8LiLfl8J/wyQqJko0ZhNkD1TQZS0q66Q5Sn9aXGxSWVx9eOwfvZIfG0ND/uB3WJa30E7QZsNkj+cVBfybEjIHbm5DBpAFtjBZeP2NZ8mTTQepE+KLPTaOczkvPHJ0Cplx2LDHBJTOoF21ODAfjr+z2f+/nu1qquVXsXtmfiFnsTdge4iAl6nO+mNywxpFDDr+h5DAWR/138kFUYBoy28N6+FKzq388MZpMw~4469301~4337734; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:47 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11808-41870
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
163.171.132.220200 OK 24 kB URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash faeacce8b6ad342cd86a6a8d5e4b52c7
818f0301128768ed137adc0a80759721b57027c8
befa04abc1ca69b01f6d8b97af7399611e49e69b541bf33554ab37f5b6b776c7
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:47 GMT
Content-Type: text/css
Content-Length: 23837
Connection: keep-alive
Expires: Fri, 02 Jun 2023 11:33:47 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: "643eb502-2a973"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01hzl162:2 (Cdn Cache Server V2.0), 1.1 kf182:9 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11874-34747
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
163.171.132.220200 OK 4.3 kB URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (9269)
Hash eca074dba8cdd780c466b7ca2e1e4dfb
bb719678719f22e7e307627543f36ae0a2870aea
095fc630361a9d2751847109af0a35c1d5e4bd36ab8ef0055312e4a6162e1b31
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:47 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4281
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 11:03:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A7Agx3uIAQAAgD03WQbHE3dHEz58iKd9vKcBZESFGzeHH_jSy8oaHUdW6VU7AaOrhK-cuNk0wH8AADQwAAAAAA|1|0|8e7a32ba3405d77d42ea8dad748ae28ce4cacece; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=GFZUE%2fZua2yOVJVwsjoX9EGME5nE9qCyhZao0Y0zOE1tYd4QyhBMC8Z64pvPWStn; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11844-57675
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
163.171.132.220200 OK 58 kB URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 817137481b98432168705ff99aa7ca57
9049c9adaa1e735f5e8c1b17f72a88f8fad3994c
884b8a0cdadbb630b742a414622856e833532ecf5eb3ba87b6066bceb521f086
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 58231
Connection: keep-alive
Expires: Fri, 02 Jun 2023 11:33:47 GMT
Last-Modified: Tue, 18 Apr 2023 15:19:30 GMT
ETag: W/"643eb502-2c686"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:4 (Cdn Cache Server V2.0), 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11914-30715
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
104.110.27.78200 OK 49 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:05:23 GMT
etag: "62d9b183-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=6456846
expires: Wed, 16 Aug 2023 04:37:53 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13994597
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
104.110.27.78200 OK 23 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13994597
expires: Sat, 11 Nov 2023 10:27:04 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13841424
expires: Thu, 09 Nov 2023 15:54:11 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
104.110.27.78200 OK 22 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=13994564
expires: Sat, 11 Nov 2023 10:26:31 GMT
date: Fri, 02 Jun 2023 11:03:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/hp/utag.js
23.36.79.32200 OK 55 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/hp/utag.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (14989)
Hash 9c21270445d8d24ac6f6cd64ba2d2b87
9b6efc3ccfdefe0993369d64c73d1adb15420700
d0a902bf3de91f273513b56ce62fff64de0a89e4c8e05446546c99ab4a1910b9
GET /tracking/hp/utag.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:18 GMT
Vary: Accept-Encoding
ETag: W/"64234932-31f01"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54703
Date: Fri, 02 Jun 2023 11:03:48 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Uqrnor1VWEyizJV5RTe7ig%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
163.171.132.220200 OK 313 kB URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Size 313 kB (313270 bytes)
Hash 86b0428bd52fbfeaf6fc736f21b79f1e
357a952f524df35ccf680ecc30ed8764444266bb
fe4623c9de643567800b8518f0a5163d4d6d634f87d93ab792b221834592d5ab
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 11:03:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=efGENuLS8KwcvRAjf7xgpIDiDVfvjQkaC9+7gAy0Us+CeV7harHZuKzk4njbxInd; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11914-30719
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2866
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 11:03:48 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=wf49dYOWI3pygju2qGVfnQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=wf49dYOWI3pygju2qGVfnQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=7FACFCFCCF41EE4C0D46311FBCE71C79~-1~YAAQ2qDVF/FtmDmIAQAAtSLHewmdbuIKUeYtl1w+W8eA8sNKxJexmEpIJ6M9kolk6ZZ6rz6IBGGAYqAHi+gQkqHEjl9Fy1PkieeUPz6Utx/TxkFV/Cy0RGJslVUiXgwgN+8pDbHwrs7V1hlDSCPRqRcgAYHFsD06ELcv83Ki4L6yf9ICszAI5d+Dm076jxGs7eLrSCObqns4eZ1Bf1WM0QUXN5IetHd8bUVmr1pvio+mfXyiYbCwfL3i9Y3gdBF5apwIkesKnXC0b4A4x+i3EhaAhkuK1Jf2biiZ75iVJD2d6HkNTJm+jGAyG1AJ/zPft6S2sZRLcy//z0y8v9yFVgM8GyNjWetQGmmeaVCpImjwmc2tQCT/czyC3cJUmhw4~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:48 GMT; Max-Age=31536000; Secure
bm_sz=53FC450F19E51274D5D535C77E06EDEB~YAAQ2qDVF/JtmDmIAQAAtSLHexP/4VqGZKhIgwdnQbf+47/Ls8kOzigMwryF+5kiE1jzcc1sURMDyq2ux7vKw5em92gBeLaSQy21myAXmMpZd/2XMjS9NpMHBY3NBpIdkTIWkLwAaQ33TZBFS9gzoQDbrOVjp/J17JWAuRa5EaBuRlVH1De2SyfUNS3pH/wB+hijx1Cpmttf9TZrceRATW2sKY+m97yzYpU1hHSudh21m5mRVeSKVoImWw/zYUWajGn7qy4Fbhc+glKaKEqOsX8ZtPT4tSBd+sTMWqooaKFmW7mH2qfF~3294001~3163461; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:48 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc94_kf175_11914-30728
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/target/offers/conversations
163.171.132.220200 OK 2.0 kB URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/target/offers/conversations
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (10606), with no line terminators
Hash bd5e76a8281aef02d2563677aa6d5dce
590cd0005916f632ce027162abe4fd9a82f801a3
157c508c4730049e2a4c2c07afed5ce12ecf3d45386105c82c28975a582e5751
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:48 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2029
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; prefetch-src 'self' *.wellsfargo.com *.wellsfargomedia.com; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://resources.digital-cloud-prem.medallia.com https://www.knotch-cdn.com https://www.units.knotch.it https://*.knotch.it/; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.ads.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://www.linkedin.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://*.mworld.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://www.units.knotch.it; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-9b5bacd9-309f-4129-a475-9169db5ea737' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.ads.linkedin.com https://www.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:80; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:137; Expires=Fri, 02 Jun 2023 11:04:17 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=1120230602040347478568902; domain=.wellsfargo.com; path=/; expires=30 May 2033 11:03:47 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=5FFA964560617CED8510681DA89B646F; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=Tku3Z%2f0egh%2fF5POIZjjc29qeo0391+NKyqo8LL2TAR%2fkQiU4%2fttFqOsPlGIiaEpA; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:47 GMT;Httponly; Secure
_abck=9D390380DFA1F6E4C7E3FA21AAB46C2C~-1~YAAQ4KDVF0RBuXiIAQAAIiPHewnewhAaZIsHpyiNBdrSZhnWyFWDExIGDDcrxSm8Pge9oO2zztGsUMIEg52oeSO9RL1xKBLeXGW963e3WZLHdB46WFaBMMxLGqEXQKyMxDTPZexYxmy0a9efCyts59eBH/hqO2UfnStK5FCfXqnkRz6OJmGSTipOCRV49ai/yjJfi04asjD1ImHJHZ1CNF98fFu+PrPYcxLGD/cFgU/CnDOo8UHJYY3fwYSEfvSe4iOOKHsCoSEWoKso97Jr3YCO0H6hAUyAgg/kJmypOfhX2b+JyTTj+NrDN3zS0nD+xzsF28FK8cFvpdBjOEvibgXU7gcSN4kYDXyAs9zJDFMG+OgEL8G3j0gRhzPpaM+W~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:48 GMT; Max-Age=31536000; Secure
bm_sz=01AC5BA9D5185F45650238DEC7D258A4~YAAQ4KDVF0VBuXiIAQAAIiPHexPsDRroX4vB4hvLdfOtymS/lfQPm7rfr6LcZgFuAquK79HQATYm7TcL/w2e+fSJsFumx6gwhLMi0KuSCCcMHDZ6zWProeJyt0FUo57gyKUqL7ohQpO94sMwijv4Ss2nTfLQC6Ge77ouVKi/Ga0NEp/jyzpuE2AFmOQ9Y7NBYgsSByfyHQDNPY15X/jS2qW5XmwNPqeoT0AW0FTGPdZ4j/Lbhr2aJnTjXaA7/hlJ33qFC6BVGCQlDL4t09ajh/xYAi6XqmVRAT+TIrm5fiWoj+KwGXbs~4469301~4337734; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:47 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf173:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11874-34753
www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
104.110.27.78200 OK 9.2 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/ico/favicon.ico
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /assets/images/icons/ico/favicon.ico HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/x-icon
content-length: 9198
last-modified: Fri, 17 Dec 2021 21:10:38 GMT
etag: "61bcfcce-23ee"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=8925
expires: Fri, 02 Jun 2023 13:32:33 GMT
date: Fri, 02 Jun 2023 11:03:48 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
104.110.27.78200 OK 964 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 7f9f34586bf809f8eb21ceb6b46045d7
90691768aff809a00ce2b33df7e37e34dcdbcbe0
dca86ff9007564cbcb0515ec84dfc727fd8648005a8f12eb0bf5a3278431d6e0
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6116f9a6-dcf"
last-modified: Thu, 20 Apr 2023 01:32:50 GMT
server: Akamai Image Manager
content-length: 964
content-type: image/avif
cache-control: private, no-transform, max-age=1175223
expires: Fri, 16 Jun 2023 01:30:51 GMT
date: Fri, 02 Jun 2023 11:03:48 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICnw3uIAQAAizJ1e16SXtEfXOsHbtq5M9ZS5XHjNpH6rq2pl_OLT50NNSzx&X-G2Q3kxs3--z=q
163.171.132.220200 OK 151 kB URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AICnw3uIAQAAizJ1e16SXtEfXOsHbtq5M9ZS5XHjNpH6rq2pl_OLT50NNSzx&X-G2Q3kxs3--z=q
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (151219 bytes)
Hash 7b1dce6a1fe90d0acdc438f00b02e05f
36fec2e96ca7601a520b0212ecaad21689a0848e
2331e691394f76aeb8406fb790ef29b55641c156f99aeb2e796d7e7969c26581
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AICnw3uIAQAAizJ1e16SXtEfXOsHbtq5M9ZS5XHjNpH6rq2pl_OLT50NNSzx&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: ADRUM_BTa=R:0|g:f7c50581-df30-4f0e-8d3b-95af28d800c7|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; SameSite=None; ADRUM_BT1=R:0|i:206894|e:80; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Fri, 02 Jun 2023 11:03:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A-8hx3uIAQAA0vO4c218AbacuOBs852AfL2RQk9U5vei_a6fLrzpG9l13WXSAaOrhK-cuNk0wH8AADQwAAAAAA|1|0|d96d40ffbde4fa4a1deda3e0f0209d3386a1559d; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=GMTjLpQ0Nz0358Q1yF5r%2fgWEc3KAheIhgMUnYBG6qg1BVJAG3zlLjsEu8D9VvMFG; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:47 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:8 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc93_kf175_11808-41875
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2144
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:1$_ss:1$_st:1685705627762$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 11:03:48 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=goo3kta9B1aDJkQOiAq3Cw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=goo3kta9B1aDJkQOiAq3Cw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=AE0D4C3C8A202E3B8D813444A938884A~-1~YAAQ2qDVF/dtmDmIAQAA7CTHewmGlYLuIWACRmOO5E84ukIomfvq4OKV3a6hrWbed7F5nf3AGqX5k6vE7gWT66vQXbZgUC4UmOJ3vFzlZX1WYfCoFb/ZsKVPU6J1evJq+DVkoGGTyzLYF6MH0wHi8ooNpSb4O7jwZ7usKuwH7QNwZt73lIg5rhZMTzLFlnBdYikxSldvNghvp6yTWfTbvKzKFet3d62nuPUc9jLwx0WFFJWoSROGfcMqBuquUnWgalChERdh8pG59q/EDghUz/BvvkfXWAGPXzBVpsEYsKRzunQhCmdgwnVp0dr71f7E5sEyT2EMlb82PK0onPlW3fkYDWIxwr8nmJuRyl78iqq66FdM5WCvaiHaZIq6Zn4y~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:48 GMT; Max-Age=31536000; Secure
bm_sz=29616321D9B3B88C8530695CC454671E~YAAQ2qDVF/htmDmIAQAA7CTHexPU4x55ccmwLgK7svyxaO2wstHPift5V09ubHSo6oP+is8UmeYFzfEfgRZrxAtPIbX2SHmJ20o7dWQ7cTsT8/VjTTONpGBCq3O3a70in/p8pqG5fdXskrzMS1fTdbdQLHrB/1DE8lvp7t7XApPiuPngZp4GaEZoTSKuyEfU6LFjkGOBaRTmW7Ct2OAB6ACNichdatDG/tszEz9jY64HXfTq0kM6GmtKPF83irBCaA5yrDYmTj13BmuwxrPmpZo6eZsvAIZmzHbaN8f+Dslox+ApJnOW~3294001~3163461; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:48 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc94_kf175_11914-30742
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
104.110.27.78200 OK 16 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 093dc61fd7b0036526bf39ae69597887
a27c677f83b0554434422c99b5519ace95ddb23a
f5a1bee943c64e915cc0223d3cc7e402b70794950377eb8ef040c835fad7e156
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_557715963_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4a-ce5a"
last-modified: Thu, 20 Apr 2023 01:31:11 GMT
server: Akamai Image Manager
content-length: 15941
content-type: image/avif
cache-control: private, no-transform, max-age=1175152
expires: Fri, 16 Jun 2023 01:29:41 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
104.110.27.78200 OK 24 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87b3f9d652a18e74ea8ef53a99b251d6
8773c9b3a11fb9247039d731888724ccfb74bb5d
86e522c61649a3fd7b76ea8d8304d88fa1b86d029a349c64a2e4ee3683d019c4
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_900217040_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c49-e902"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 23508
content-type: image/avif
cache-control: private, no-transform, max-age=1175159
expires: Fri, 16 Jun 2023 01:29:48 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
104.110.27.78200 OK 1.6 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash f4ea54d2de3587734104a7fe6ac34593
abb69048123b667ad90dcba04da4f08a4a4aeeb7
e802f40411f32bc8331100de87c647c70071bbd2e29a44befcd52e48c6020205
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_o_enjoy300_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63f63d12-aabe"
last-modified: Thu, 20 Apr 2023 01:43:32 GMT
server: Akamai Image Manager
content-length: 1646
content-type: image/avif
cache-control: private, no-transform, max-age=1176048
expires: Fri, 16 Jun 2023 01:44:37 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
104.110.27.78200 OK 562 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bcde1c3190b4af34b91259d18dcc641
3e6b6735a8876b4a326648142fab032a8bc57999
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63cb7c4d-769"
last-modified: Thu, 20 Apr 2023 01:30:29 GMT
server: Akamai Image Manager
content-length: 562
content-type: image/webp
cache-control: private, no-transform, max-age=1175097
expires: Fri, 16 Jun 2023 01:28:46 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg
104.110.27.78200 OK 27 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 45a212ca9acc61f0bb2570fad9b1ef6d
0766da6abe3d736412ceba81a699a55110feb6b5
99dade4264e8d662c215bf128f8911bf7e53123d661d9783c0a4260970fd51fb
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_482407060_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "63505838-e489"
last-modified: Thu, 20 Apr 2023 01:30:25 GMT
server: Akamai Image Manager
content-length: 26587
content-type: image/avif
cache-control: private, no-transform, max-age=1175114
expires: Fri, 16 Jun 2023 01:29:03 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 89a0759ff4f79071f11a1f90bffd9337
2d734cb1eda293788a673c1fae36b2c1d7e92bae
2223c16db671322ea90112c50128563ee80413e33769d718bd92b99da094712c
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "633eedd3-e69"
last-modified: Thu, 20 Apr 2023 01:30:30 GMT
server: Akamai Image Manager
content-length: 1131
content-type: image/avif
cache-control: private, no-transform, max-age=1175139
expires: Fri, 16 Jun 2023 01:29:28 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
104.110.27.78200 OK 1.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 965f76605b195f4ccfe05353f99ec406
7cc5b65bebc32a1835e778bf984d202fe472bd30
7bb20bbccd8f33fc25b907e8fcbefb0d73b1a9ae7076f8e688fc633f09690de6
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_piggy-bank_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "64501bd4-10f8"
last-modified: Tue, 16 May 2023 13:54:43 GMT
server: Akamai Image Manager
content-length: 1420
content-type: image/avif
cache-control: private, no-transform, max-age=1133486
expires: Thu, 15 Jun 2023 13:55:15 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
104.110.27.78200 OK 2.0 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 54e10b9c13d7d34c19657767d4bab80c
e34a8ab8569f015fcc331eb9eea548cffb7466fd
3059d71b7591fed5674007cbfe04627a88397d42cc58f9a107becb0c269d825b
GET /assets/images/contextual/responsive/lpromo/wfi_ph_hplp_savings_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6453c985-8adb"
last-modified: Wed, 17 May 2023 14:04:04 GMT
server: Akamai Image Manager
content-length: 1950
content-type: image/avif
cache-control: private, no-transform, max-age=1220551
expires: Fri, 16 Jun 2023 14:06:20 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
104.110.27.78200 OK 840 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6ec98f68003e2c6714282b232614e8d1
2e159a3a6e6796d1cc201770ac015f96f905ef56
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1d25"
last-modified: Thu, 20 Apr 2023 01:31:18 GMT
server: Akamai Image Manager
x-serial: 1153
x-check-cacheable: YES
content-length: 840
content-type: image/webp
cache-control: private, no-transform, max-age=1175175
expires: Fri, 16 Jun 2023 01:30:04 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
104.110.27.78200 OK 962 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 699a91c4d536a60f1a4bd48622194f70
91b303fbf65778043ddd2fe6f39f4798f207f320
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-81c"
last-modified: Thu, 20 Apr 2023 01:32:43 GMT
server: Akamai Image Manager
content-length: 962
content-type: image/avif
cache-control: private, no-transform, max-age=1070027
expires: Wed, 14 Jun 2023 20:17:36 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
104.110.27.78200 OK 712 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 89489c444f1ee92b133eb97304e31020
62ea0737595301aabcda8a6dbe95184ba9a75558
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fb74d-1c20"
last-modified: Thu, 20 Apr 2023 01:30:55 GMT
server: Akamai Image Manager
x-serial: 1166
x-check-cacheable: YES
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=1175047
expires: Fri, 16 Jun 2023 01:27:56 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
104.110.27.78200 OK 1.1 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 21385ee55bb1e5a680bb48257446fb86
9639eb9d1c5805fa350013eaa2f11c08835459e0
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "636fc445-1be6"
last-modified: Thu, 20 Apr 2023 01:31:08 GMT
server: Akamai Image Manager
content-length: 1083
content-type: image/avif
cache-control: private, no-transform, max-age=1175183
expires: Fri, 16 Jun 2023 01:30:12 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
104.110.27.78200 OK 1.7 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash e218a28576f6620622d48155284b5551
d189e371b0ce3dac93f0b9e660c426d932da9274
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618287e9-14da"
last-modified: Thu, 20 Apr 2023 01:30:31 GMT
server: Akamai Image Manager
content-length: 1662
content-type: image/avif
cache-control: private, no-transform, max-age=1175202
expires: Fri, 16 Jun 2023 01:30:31 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
104.110.27.78200 OK 7.4 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash c885a0955f4f35b25bceca71830f266d
4bbdc15de0149dee5e6feae4fb32a520a983a1ca
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6328cc17-9829"
last-modified: Thu, 20 Apr 2023 01:39:11 GMT
server: Akamai Image Manager
x-serial: 7
x-check-cacheable: YES
content-length: 7363
content-type: image/avif
cache-control: private, no-transform, max-age=1175421
expires: Fri, 16 Jun 2023 01:34:10 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
104.110.27.78200 OK 463 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 4ba6a57b8c9f52ede1b958bd4b63700b
22a693eb43a2a76ab994782bc50cc262f986a240
c13a85df86fed8e3d77b952a59a1736743127f1422873b47b4d0a59092c62de2
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-9f2c"
last-modified: Thu, 20 Apr 2023 01:30:38 GMT
server: Akamai Image Manager
content-length: 463
content-type: image/avif
cache-control: private, no-transform, max-age=1175236
expires: Fri, 16 Jun 2023 01:31:05 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
104.110.27.78200 OK 31 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/women-in-greenhouse_616x353.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 6e75964fb01ae452f65c9fa41cd3326e
1a0909cc3f5290bb291f4d35abdc4df63767ef9e
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
GET /assets/images/rwd/women-in-greenhouse_616x353.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "6410d4f7-b51b"
last-modified: Thu, 20 Apr 2023 01:30:32 GMT
server: Akamai Image Manager
x-serial: 1698
x-check-cacheable: YES
content-length: 30860
content-type: image/avif
cache-control: private, no-transform, max-age=1175092
expires: Fri, 16 Jun 2023 01:28:41 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
104.110.27.78200 OK 831 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 026f5e731899c436dbbec268e870905a
160ed7b7fe9a30e81aae6f1136db6ce939113a7e
2a242450947c5c9d9496cd2d4acb67d50b269f5ce36070c3b98c4f88db3307db
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-cf3e"
last-modified: Thu, 20 Apr 2023 01:33:02 GMT
server: Akamai Image Manager
x-serial: 1447
x-check-cacheable: YES
content-length: 831
content-type: image/avif
cache-control: private, no-transform, max-age=1175199
expires: Fri, 16 Jun 2023 01:30:28 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
104.110.27.78200 OK 405 B URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 08e3eec615bb3f7d07a95e1e79f96189
c05ef7184eedcb31aee442ad8c474ff306b1d473
89026cd6ac7b7314c1a5b075471d09a9b672ac011254541c9d2b521b90c6cb3e
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "61619278-7b35"
last-modified: Thu, 20 Apr 2023 01:33:39 GMT
server: Akamai Image Manager
content-length: 405
content-type: image/avif
cache-control: private, no-transform, max-age=1175488
expires: Fri, 16 Jun 2023 01:35:17 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
104.110.27.78200 OK 20 kB URL GET HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP 104.110.27.78:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectwww17.wellsfargomedia.com
Fingerprint34:8E:D5:B0:07:9F:99:05:97:81:77:30:96:DA:E2:A7:69:E6:4E:C1
ValidityFri, 14 Apr 2023 00:00:00 GMT - Sat, 13 Apr 2024 23:59:59 GMT
File type ISO Media, AVIF Image\012- data
Hash 87490ccdfd428eee95e906fbce88432a
e1c384061e5aaf77bcf202341510db8cdc2ae350
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
etag: "618017dd-cd21"
last-modified: Thu, 20 Apr 2023 01:30:41 GMT
server: Akamai Image Manager
content-length: 19628
content-type: image/avif
cache-control: private, no-transform, max-age=1175091
expires: Fri, 16 Jun 2023 01:28:40 GMT
date: Fri, 02 Jun 2023 11:03:49 GMT
X-Firefox-Spdy: h2
c1.wfinterface.com/tracking/gb/detector-dom.min.js
23.36.79.32200 OK 138 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/gb/detector-dom.min.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65434)
Size 138 kB (138549 bytes)
Hash c71e354b6a3fbb7e60e42b5cd392761e
b0abcc1cda4144fb29550225f7c3dd0342d11fbf
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 28 Mar 2023 20:08:12 GMT
Vary: Accept-Encoding
ETag: W/"6423492c-7049c"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 138549
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=8WQrM7eGi%2f3%2fE7Qz5Txjmw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?id=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=f1EAhWDgB6d+Ajulf4Zwcw%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
23.36.79.34200 OK 571 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
Hash 6497c4493a39dde646c25ba77769bdff
a274bf8eeb1162704dffb48a94fa7984257d5bb0
87539e9903c436b134e3eedeb2fba22286fbca83cfd766afd62e6de9d10167aa
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 571
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=l3JokbHIZXN%2fsdFueLu8qxdn6S++gqyDOoCjz9bucXY%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
23.36.79.34200 OK 151 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 151 kB (151049 bytes)
Hash ab12d029125c09eb8112141ad7179589
b21c5d3742075a989cf9e7ac67180bbb329ae587
0bad44d97595add5154c18c311b38d87e7834353dc2a778d8147cc1b9418aef9
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"645d3f60-1854"
Last-Modified: Thu, 11 May 2023 19:17:52 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 11:03:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=A2wmx3uIAQAAato9Y6b0bAdPRyCL5x5gu3A7dnXI5n4HyIAGsyqTY-T0NxfyAVtaKpqcuNk0wH8AADQwAAAAAA|1|0|ac17bd713551432e6807f80a8ae6da8debf7afae; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=HpmLAmhX%2fmwcv7KCPEU0J6sqbGw4g6NFwDleIvE%2frUjp6wQtAPKr+nQaSWj%2fbOV%2f; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
163.171.132.220200 OK 175 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 5de00a65f0e69c57854b812bdd432d98
fa84207cf92d9388e455885cd116b016d5e2240e
cfd5109b1d2253b6cafc40801cf53e1a2670f2c9ca97c55925c441e6551d345b
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------33787367465708178541271712313
Content-Length: 169
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:1$_ss:1$_st:1685705627762$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:49 GMT
Content-Type: application/json
Content-Length: 175
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Q9Afic41+jpUmLQ7C90ngpUEq9KjGW9zMT+nAEjo4mQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
_abck=6530A7EB542D7599A0A200A321DFC205~-1~YAAQ4KDVF1tBuXiIAQAAmCfHewkxG1cHKStDIupjxRbPuICEKroJtftSVXsQdZFWigAWWWJ07CzAgRBM1tHNLg/+U225uOoy9tSGy5srJaeoQaPZUmlNiwKioxzSN9yvWewpvp57GShFljIcz4B+f/0DXp+/bWLxotFtkK8GMmGhnYb+AC2ovxIk6Ckypf7UbpmcVz1av0zFd6JcLv/oFJlUEX9n9o67ISoEkqFvmbPtelgNRtXhitgToMTxbWf2CjGybcEkAX8S+Tb1zEiSyTLYerZz3Z4tP/QvHseBIcxyn2KdSY3zk0Kfu9pKzGnPZh/JHqWoM26O0avY7nMYB8/R/SwdeX4oLjgjxMNKuBQHjG0kzfaF4bgrqcWh9k0g~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:49 GMT; Max-Age=31536000; Secure
bm_sz=9C041374764F51699D954490FEBDF6D9~YAAQ4KDVF1xBuXiIAQAAmCfHexMJZ4yMHN1nVHm1iEZZKCc09K7yg5dw1hUukB3u+aR7fLT/lrL2yZOb91WyPIDgGXAjNTeba1xCucMv6pUe6o+wTKR7GQGpxRSqQM1cxooBtCe4OzTE7V7zRB70ysPMngNfBSBGbzIV5AgZC9cuDNye6H6Tx8tH06E2HxR/5n44Jg3GgFs34THdKfLQHz6pJt8n1xzq/DVH/rOnlS45U+GbwTIwpT2k29mzBtAA7xvz4yGxT0nTB9rkwhAuKg+sGOc9KZGW+GGsM89CX+bDra0l7WwZ~3421749~4338997; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:49 GMT; Max-Age=14400
X-Via: 1.1 kf175:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc95_kf175_11914-30759
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
23.36.79.34200 OK 24 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7761c210936c5ffbc16bf3a859c5c649
30b0294e872a612bbb44fef185397b20839a6a7f
5b306356aae0365e64f0f2aeb36e88aaebcfad3cede0791f87a2cd3d8fbbe9af
GET /accounts/static/7M/accounts/public/stylesheets/main.6f78b5133f378c92c1b9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23979
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-5dab"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=vzI7wqOgi53YaJwZOi1o9A%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
23.36.79.34200 OK 39 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1415f9572acbb3f9c9b735caa721379c
b028e1c6270ffbbeaaad4df08669a519dabef72c
38526f61faf9a7f3f0612e909fb6f786a7ffba9b899c4d37ee66a7f08dd8f69d
GET /accounts/static/7M/accounts/public/stylesheets/wfui.df910294345cedd2922e.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 39080
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-98a8"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=ziE2rM6Is0FZTa6dv4ldKg%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
23.36.79.34200 OK 331 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65446)
Size 331 kB (331228 bytes)
Hash 6ef479c44379f2b9baec883c473a53dd
6d971f4dc64d2a685ca927c90021ebaa601c2726
11b00cbc413cf23b0f7d71dd7f65469d1eae548afbeaa034f0261307093d1d24
GET /accounts/static/7M/accounts/public/js/wfui.77e559b79db575fffbe9.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 331228
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-50ddc"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=erJCfS+81VnMeJthbsdk7KCEhdktx8H+AHBZUOVUVahP6OptBNuBX87TpuXS6Zpf; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
23.36.79.34200 OK 3.8 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (7626), with no line terminators
Hash 376eecf5abc22210cbcec8dc18f21cf6
be2406fc2ef24c86c85eb04a9c36559ef1fa3d7b
a56f4f80c32f2fd3a8d47679dfd0456765d23a853a0f12c5bdf7e8bae4c65a20
GET /accounts/static/7M/accounts/public/js/runtime.0b407b6e491f76ce3813.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: W/"645c0402-1dca"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3788
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=VZJLkpOQCbDojTriuPM+VqAeGwESLbzN6hcCVcXnxvGafI9Q9lPlg6vnRIdptukg; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
23.36.79.34200 OK 367 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65439)
Size 367 kB (366646 bytes)
Hash ed876d09f51c9e3bf7a72d9cd0c6ba70
1451ebd78f86e66969ac4dd31d52744cc68fd9a1
09d080b8cbf4892422de75f1a0f2ce43e3c9578cf6179674546782dacc6178f7
GET /accounts/static/7M/accounts/public/js/vendor.e50d6f2958b549874d2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 366646
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-59836"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=BKZ+R2vrvK3RfKInt+16YMFJvaB1pWY8vp1zryYGssKGljoqZ9WGwy46FqyKx7Sh; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
23.36.79.34200 OK 308 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 308 kB (307653 bytes)
Hash c85014374233a557bb0c3371506bb5a0
aeb987debdb406b79606440a165a027770ee03c7
79c53c9a2acedfe344e6246a510b6c7a687fb868006a15f7afd5886a1b88abf1
GET /accounts/static/7M/accounts/public/js/main.a939a86ee26c77766c4a.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 307653
Last-Modified: Wed, 10 May 2023 20:52:18 GMT
Vary: Accept-Encoding
ETag: "645c0402-4b1c5"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=JwLLfJz1lSF8FYkZQF%2fQn8e2pzJXn+%2fqwiYiVRWc%2ffgoUSa6FFu4WGl6CBlJhV2c; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
23.36.79.26200 OK 14 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 5f310e2e2a558d76b916e137aee73462
c7ff0190c9c2c414321211f3863e9e27f32b713e
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=QS0mxSNZADKDTc91aFOyrg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=44PLNsRBvQ%2f4YtAx7Gp0Rg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
23.36.79.34200 OK 607 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 11 May 2023 19:12:37 GMT
Vary: Accept-Encoding
ETag: W/"645d3e25-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Encoding: gzip
Content-Length: 607
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=zWVkSsXNKtYfepBvrynassrwwjLdaLS+py%2fU6kexdjQy%2fBEJL4E+REYSdLH89kCC; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=lcgG2Mbn5gGGrLF8r+yzmg%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
163.171.132.220201 Created 18 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
POST /DdrkOpEh7E5gp/UP7svlzv4G1/TdM/1DEuGftzfLfE/OyhvFgoadAI/Eg/cwXltKV34 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2801
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Date: Fri, 02 Jun 2023 11:03:49 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=aB96zokRGhnIXASbqH%2fCuQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=aB96zokRGhnIXASbqH%2fCuQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=923530436F9C24A0C85873152DD71B00~-1~YAAQ2qDVF/xtmDmIAQAAjinHewlAituY6NbY6i5KIYTaJh3Nm3pJ4HwxDlc8zWsRXbEoGlbONOokvQTnD3ilo63W2liyFHhZgMmdPZsevIqw8NJom3RJfCh21WDWxxkzISAsjjJCXVF1d9P51BeBhbksFR8nyIQDqWLZq12EHXDR86P6fEEGzRHtGUgrd230lv51MNED3jZuyWx/UZ/KiPe7sICgx040JcNv6VCDBXQMavwC5yWgFJz89ahzLDv8tY26IzkJcKX5BQia0nfyhQdYgNy1C/344hY0A+ARJh1Xn96tZ3XUmEC/hydLWeCE+OW4nPoZ2PnsIozOwt96IkrrjFEnFa1ACycHOVRCd7J4rkIMQOWKlFTksB8kA0d4~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:49 GMT; Max-Age=31536000; Secure
bm_sz=2C6BCD3B65E3C19A56B13EB7BBD68393~YAAQ2qDVF/1tmDmIAQAAjinHexMhQ2DZrn75jmbdbuCil+gAJZHfyTvQ82anINMeS8eCxgOnRNd5tdFOAqqI2EbmG+slVSekkH8qaNtr5CdPS8WqAgXSyOd4jZvMrVCQGIRFNnQ63vAMy/QMT+ZTG15hGuUCirDSz5oWE2gLnN3Rwy9Cih/xCJj+mzJGYCvAD5XITFXWRzyNxLGyHYlzyhyf9oULDavlowXHxnc9MjicujTpKNTGSf1VGHT8XLM9DcaiIHNlmIaqoniO5yL5hKzwdnRDHf6Iifc7KN+jxpV7Dsuth6Lk~3421749~4338997; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:49 GMT; Max-Age=14400
X-Via: 1.1 kf182:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc95_kf175_11914-30803
c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
23.36.79.32200 OK 45 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 91c536ff4d2c8db1822702f866e60b08
3370d3721e28923f099da1985f718a88015975aa
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:42 GMT
Vary: Accept-Encoding
ETag: W/"638fae6a-1ca3a"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Fri, 02 Jun 2023 11:03:49 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Guw5iD8S%2fqniE2TbVEzADA%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f%3A0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pv=2&f_cls_s=true
23.36.79.33200 OK 1.1 kB URL GET HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f%3A0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pv=2&f_cls_s=true
IP 23.36.79.33:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash 3210f4073b3447ecee6a2677cf135983
c6313270e65d19dbad0ef86e9cea35c0fa253615
47b8e4b0f9c5bde28bdfa2e38d78c3606a138a276a6e7939102f01701cd1841c
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f%3A0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1139
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; Secure; SameSite=None;HttpOnly;Secure
_cls_v=6efdfe7e-514b-4931-a849-b355be75366c; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!OqeOkSVV8ocsbWsq/D2JHXmrrcNtC551lgN2iMb77jdwHpmg2U39g6oG8EW0NCR5SOnVlse4ChytRA==; path=/; Httponly; Secure
DCID=G1cCDJWVrLU1DSE6SyzSdv0b5C8meZJxqDiGA5IZwJbXvIr3eGJjMUo%2fvzY84aoL; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ga.js
23.36.79.32200 OK 20 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (49163)
Hash 8402e9ebdf9290c018b0617018227681
2d840fcd6c3008d9aca747ba0ce056b496db8e1b
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
GET /tracking/ga/ga.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=1+YI2IfQ74nNoL3GUF8nhQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
c1.wfinterface.com/tracking/ga/ga_conversion_async.js
23.36.79.32200 OK 14 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ga_conversion_async.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (35846)
Hash 0a40602db7616a31c9da4548ee920190
878e01cb0c90cb247aabc137327655a6fcffcbd5
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=yp5zUB81twzfk%2fqw90smcQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829615&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829615&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829615&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=wjob8Ovd6g29m7scsjXzOuUJWFDph9lGn5SeD7rdhT4%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11808-41906
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829587&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829587&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829587&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=E08oZemp9KLaKfIPyTOQwp1PlzKVhdx41lrzfIUvsu0%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11914-30807
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829619&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829619&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829619&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=66b2nbjfuUqrMxDervvpuxM7To9x6fAS5ZBmbIYp2Wc%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11874-34780
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829627&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829627&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829627&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=VB%2fJDOy+O0c79pQgOrJCuGRPc4SlfFFJ8SZM%2fWyRNb4%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11844-57714
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829623&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829623&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829623&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=%2fQAT0N2fZKynqypun0XC3AB%2fJc2S7szqVFHn0kXFNKk%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11914-30809
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
23.36.79.26200 OK 16 kB URL GET HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP 23.36.79.26:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectstatic.wellsfargo.com
Fingerprint2E:FA:45:0C:2B:B4:91:CC:76:B1:F9:EF:4A:58:03:FF:95:E3:A2:CD
ValidityWed, 12 Oct 2022 00:00:00 GMT - Thu, 12 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (599)
Hash aeccb854b0a76aa9f478e466c8011b29
625d31cbeb8978cf2419f58d14bba92a42dbb45c
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=G3ELytkl3ifc3Jn3KlYENA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/AIDO/glu.js
23.36.79.34200 OK 37 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash be72f2c74e2f6a2d3a6d8a02cba1c2d2
5df68382e8e4d5dad25c3d2eda693cc9a53495c1
48b21de9c0039152c9d054db2f36d035a8d4995af591a81b77b83aee261526dd
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37157
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=uUI+YCHQcmsvtTFWXIRNcnHGBO+sPhCrGTx+UpErf0JOXpRNZlG4CH%2fXrBLe+C4H; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:49 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829630&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829630&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829630&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_chk_digitalcashbonusrspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-251670-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=udRPphd8F9OPB4ZWp4G%2fjWlBnwXgx3YGELAn2LD+%2fkw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11844-57718
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=1&cfg&pv=2&aid=
23.36.79.33200 OK 1.1 kB URL POST HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=1&cfg&pv=2&aid=
IP 23.36.79.33:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4589), with no line terminators
Hash 3210f4073b3447ecee6a2677cf135983
c6313270e65d19dbad0ef86e9cea35c0fa253615
47b8e4b0f9c5bde28bdfa2e38d78c3606a138a276a6e7939102f01701cd1841c
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2802
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1139
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=32a3f9ce; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!3Zzh8pvVJ9c9Kecq/D2JHXmrrcNtC5f+WBMpS0myal+ZQcFXCn6t2Y1BPDkC2QXT22Gos+oxChzLfg==; path=/; Httponly; Secure
DCID=cCx5b3Ok3KKYrWGiaB5DYp1lnUFccN1oZHw9%2fXelkU4lLmgDg98Ud+kGZzfKj%2fDQ; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
c1.wfinterface.com/tracking/ga/ec.js
23.36.79.32200 OK 1.3 kB URL GET HTTP/1.1 c1.wfinterface.com/tracking/ga/ec.js
IP 23.36.79.32:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectc1.wfinterface.com
FingerprintCC:19:D6:44:13:12:B1:50:FD:1F:D0:A3:0E:BA:0D:69:80:6C:7D:4C
ValidityMon, 17 Oct 2022 00:00:00 GMT - Tue, 17 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2771)
Hash 0ae62a83927125e9b9dfa97f89af9d3f
efb68f49f2b9b6b5567bf26a17015ede289e429d
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
GET /tracking/ga/ec.js HTTP/1.1
Host: c1.wfinterface.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
Content-Security-Policy: default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self' https://*.wellsfargo.com:* https://*.wellsfargo.com https://www.wellsfargo.com https://*.abbotdowning.com:* https://*.abbotdowning.com https://www.abbotdowning.com; script-src https: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Methods: POST
Allow: GET, POST
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=MFxOPzpP1ZJ2jJxCrsTIlQ%3d%3d; Domain=c1.wfinterface.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.008987996430465994
23.36.79.34200 OK 137 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.008987996430465994
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 137 kB (136577 bytes)
Hash 4ac02dc3de5f7b78119db8036d5218e9
c2d572618c28881b3268e518c8a253ddf8553912
9ea015939bf1b07d1a6b6a22c60265c3c06657a56787823ca0a40b84b28975ed
GET /AIDO/mint.js?dt=login&r=0.008987996430465994 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 136577
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=JuFEziYNV8HAgeO4li7NiTADe%2fSWuTc%2fD8INwbHbBFZbGzVJazagkyy6CJUxkE8J; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829641&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829641&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829641&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_sav_savingsprospectrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=v5fht7xt8h8Du8xFkvXa+ZpiJaggkFsk2NQEewGyLSw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11844-57723
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829635&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829635&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829635&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ccd_findcreditcardrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=M506J3MGYF2Xcy1hkqVSxKg+OIAIV9lJrgxOiye3YnA%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11914-30814
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829637&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829637&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829637&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-263973-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=dQ0UIpCfuLS4AYOOZzsHJg3kkAo+iJhNXYazBupZUNo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11874-34785
ort.wellsfargo.com/securereporting/reporting/v1/csp
23.36.79.17 0 B URL ort.wellsfargo.com/securereporting/reporting/v1/csp
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /securereporting/reporting/v1/csp HTTP/1.1
Host: ort.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 3398
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 0
X-Vcap-Request-Id: e18f4f94-c264-45b3-53c5-eefda7c2bb5f
X-Xss-Protection: 1; mode=block
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:0|g:7684f55f-ebfc-4e40-83a4-aa77af789cde; Max-Age=30; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BTa=R:0|g:7684f55f-ebfc-4e40-83a4-aa77af789cde|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Max-Age=30; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
SameSite=None; Max-Age=30; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766; Max-Age=30; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2; Max-Age=30; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BT1=R:0|i:710766|e:2|d:2; Max-Age=30; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
DCID=%2fq2Ii82RxfW0sMa+vvrdKJgjyJwDojVeY7hosPt32ZI%3d; Domain=ort.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
_abck=670000C4579C02C92655EDD5DF74DA9C~-1~YAAQDU8kF7N2zGyIAQAA+SvHewls5cnuB34dUYz5fgJJjPKdB+2byAcKpgOFmlGMomffAE5gj9YqM6XAqcAbgDr6oIKTZiGiNoTeMqxd1coCUNgjvp8nq1VMpRgwBg6gwlXjmKsUtr5t+pzkggjUXkL741yOLCx0w7yG25yYiDCuYIekz/hGLKBQxuGKBNtL4PlpW5A+HSiV6zLFOouOf8CLR3SIQMlsQgmaI3kEKjChjKhrrMadu5L357rvVvQQdzSlFrhT13PVr2Ej+vlV5Pc7hj0mkbK//CfOHAuUbOcFD5XoY1m1Lxjdh6UP8oHEiXO6pb6NL24P+ARRRT+JBFFvUtrQwLltIBE3XP3/i+9MVJx0iMbGQ6UXlQtjnKZ9~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Max-Age=31536000; Secure
bm_sz=B132A33597F3FBFD86C3983B92F73F5B~YAAQDU8kF7R2zGyIAQAA+SvHexMV+dPokmWG21F9FfGtAExK/aZZjRou/cmesZy+InhjKKyc3ABGClHRMuDDl/XqV10eKK37AGCak4RBVoJ0oiQCweEUaeZ5yHEPqhr7MP+emDZ43k97nLjnLubJLbWFMcZTVDq7eBRLndPYY8v5mbnl4xz+fiVqOlV9ejkS7al5d3IAYulIJUWYo6FWmLOChJ4KSCyOf512gUyIWFiW5/Fs1cN8A0gjoiI5dB0nvjZSZndLj08jTMtn5q+PigOPcIwpGOuHhy2OuQBci98T7cLFHIjc~4272181~3748664; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.5041115217616661
23.36.79.34200 OK 52 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.5041115217616661
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash d5a0ff384150ea3daddf06b30afbed41
91bc3de7a544ad0d5ca3f1c60fe1a2063f042c8d
0b2058e24fbd77e6e8e8f5541864e330ac85d2d936fafa1efa788b49c4048915
GET /PIDO/pic.js?r=0.5041115217616661 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 52520
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=0CjtM6%2fT4sKOCTQYOjqRPa0EAUnPjD9JzlZFU2xjtFQIsVb27+OhZRPkO3ERBRrp; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829632&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829632&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829632&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-228930-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=C9PmBJ8kaAXTtVDhEsS12TEpfrrSKgB11RtYsfHdAcU%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11808-41911
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829645&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829645&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829645&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=sXqvjLD2CnIC+zNpcEAgJjgBo9Sw2s9ermahHON1t00%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11914-30815
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829648&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829648&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829648&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=wQvPOk9VDiCVgtD3v3E9pFbcF8BuETtKZn3u8rgHFQQ%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11844-57725
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829652&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
163.171.132.220200 OK 43 B URL GET HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829652&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F&cb=1685703829652&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Thu, 01 Jun 2023 11:03:50 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=Ge9xLYUY1kOT0lfPy8RFfGKvtdgvGt9lQxDVTiQg4Lw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 kf173:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11844-57730
connect.secure.wellsfargo.com/jenny/nd
23.36.79.34200 OK 18 kB URL GET HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with very long lines (2293)
Hash 4a4ea4e3c33e5e81b23e4bd621db80b9
9daef1a8cfd2b3e555cd90c290594d4e96385e20
7917083ff742a0a16e756054a57c6d8db94938ec9ca9ead5542563b78ee0063b
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 18028
Date: Fri, 02 Jun 2023 11:03:50 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:2fc667a1-01b3-4f56-b7a3-14b15ef96c58; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:2fc667a1-01b3-4f56-b7a3-14b15ef96c58|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:4; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=m8nhuSYi2ORacpFGKIeAq1+v+WEzo1J8EreIAb9wF0QMyK1U4E7NRm1c1R7mOkiI; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
_abck=540D382979E902B983BAF86C81C79B35~-1~YAAQHk8kFwXuLm2IAQAAzizHewlUP0dPAXK4It12qDjxa5+z9gs3w/ZrtLNOl2GOThMREZsVlzM4lYcIFTUC9rAj1jcnmC7rRU5KF4iu4hHMNLGSV3CfprydrJIOXwtPAs5e6hqnUdArvEn9ij11fTS7DH28pjB3KWce6bwXxKkwIgNOtvSQUM6kHt5+atvxWYYVi2HwLlqkr6suNwDGD4v0ZmWr8vu6i3QWGek1HrUbjsayuaaeE+vq0WTvkvsgpi/glFPv7SvWVL20r0b2qAQubriGtrpCBXmknyJSq0C+W694aGvuyrZ94j6f9bh6MA9TqlwCnLjaJ+O5CtwMO7ZEdGyxPPnrjCKQwurD9xNEpMSf8JVS1dALv267J+Uy~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Max-Age=31536000; Secure
bm_sz=08EFBDDB667E81904E2D49D9B2A96FE1~YAAQHk8kFwbuLm2IAQAAzizHexPdeGjNUkCVwWsyEGxKQUyZgRMbOGLZZaEXDqvVEizOh+CFlDi50i45+mKicPVxed8/GZEF7OigblHfuBLU5l52tHlxJR4u+XNxtXQudmo2Kg13TSm+UzK5LLjAhCxTqX1cwoUr/dHdd3Q0h8pSy3fbw3D/ToyWIF8JmPRFSnLQV9W1/7/hgDj5vF/5vKwRd6HSeh1uxogrUQArxWMMX2XKcT9VHe0PERG88h5SbGMIl+nPv/FV1TvBhq/gHBT9Zx5ZU7eYltShuU8Wl9LmyIjQACnp~3749174~3159862; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 970 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2439), with no line terminators
Hash b94c2e98017cfbb5e97894df23c6bae8
b32dbec0a099631a1ab5ddbbfe283366157fd435
97ee1f8f26118833bf53ae8b77abfa01caada5f397eb4b00bd66b36371284173
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 264
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-60167173-3c7f-4906-b5df-15c854783bfc' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:137; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:461d7ec2-db59-4fa1-aab5-d0a857a1c234; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:461d7ec2-db59-4fa1-aab5-d0a857a1c234|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:66; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=71932F4BA08B13564C040AA6136B0BB8; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020403501991697168; domain=.wellsfargo.com; path=/; expires=30 May 2033 11:03:50 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!qr3e3JSp28Nf9tTz2xKqB3cO2dndHttAmoPvNh5ChEac9ojsrAZH7QxTaad1RGaXNWayVR1yO9gEgqY=; path=/; Httponly; Secure
DCID=Zu%2fCbAiTCtTkoO8WvgeiLkGOSAeY7QMzYCXaNbTBsTP3hIJVhtKD%2f9r8i42IVGSW; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
_abck=7CF8BD6828D21AF589730D46EA269CDF~-1~YAAQ4KDVF3xBuXiIAQAA5izHewm6R23DT3OyrT7HBaTjyj61DxHzKIlpH6uPUcozwB1luknixlCpAyMLvwNVFjDKq2ppJudUy1qVq3Jr31n46YJFI5vOmVjkTYxAdPyoYiBcMsBwpI4L6Kt7K9oPtgEgNh2LXnWrxXCIIuoNnwjI4u6OupOxcyd6+iRL8FM5w4RFft1wyakyjgIQGfeBMaE5b7ulgYmfsHhvs/n0sHtHt/m5Zr15oGD0XEkSf8PgobKrAc8JD25a2V58F22y/WbxnuAm30TNf1C7Yk1iOawqyoA/2eCwLy3mmuNdr+e+WN2k689R1stAKLoCsD85ZWn09hsi5vi2TFa8e5hJHmDFwqsyv0OH1FZhaG4VxBGl~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Max-Age=31536000; Secure
bm_sz=42E5369F7D108FE8DB1770F9A2168BD3~YAAQ4KDVF31BuXiIAQAA5izHexP3p6CfyNe/3CJm7qvxOnJzs/p7caZ2MLipH+vKwdXQ2Xmoc6j6wZzfFv83wBoCYE8cw3BCNXmihWlmfzd6xwvisvzdaZKRVtsC47WrbMsIsV8XDE7C4Vz5rtWEr1EIXtTNcj6t+6ic/oCJMwL8Ky4pwgC8e7Zw3WdjosHTWx2tFfrF/h4r8fLK7wjOcfOfqvopHNLPf1C81MxcSjQeefrk6Y0pLU5ymY6/5A2iaJAEx2vduXoFrWyGvaReBd52Vull9Ejp3ARTwtaK76N0jITe6meB~3163440~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11874-34789
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 968 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2434), with no line terminators
Hash 9c0a0e6bfd87e3dabb4d76eaaa17efca
6c1110a88d56d5c8bcc28e6358d5762c4870ca4a
79e98d122ac20bbb4939b9ac0616bd710c121f2ede1855f1da725a0fcecc2892
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 262
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-798c09c0-d25f-473b-baa5-cee0acb2ec7a' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:137; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:fa41b757-9367-4607-85e2-14b4de95c393; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:fa41b757-9367-4607-85e2-14b4de95c393|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:28; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=7E98CE0FEC8B7B80872C351956D38C6B; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230602040350224390569; domain=.wellsfargo.com; path=/; expires=30 May 2033 11:03:50 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!80j5D/4AygQU9PYGl7IZxfIs0wroUTJr039n+lIHbfCRK2aUh6kRNkwjYAe0cPTw4FwTHd2UFn6wzBs=; path=/; Httponly; Secure
DCID=D9MHH5Dq7yYP3K3vcFuipt6K0kVfnqk94sK8bv%2fl2CI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
_abck=BC821AC284DB2E7666E41207A9539FB8~-1~YAAQ4KDVF35BuXiIAQAACy3HewmAugxqxHUt4MDkjaGqPQMIahaVz10DXAAXfYP6qxPm/9c5H5cEOsRNEkDSnUg39if7x7lsxhzuoSGtAm+WAIgKclU+tAbY5cZZ/DPKO/lEGMdvLQReHeaGy8gk6si7OG9h61A/FDw1FYmoeGTCv/3+TsWYRnU2Upfu5FPnmocnMmyw0V7122zP0yGJxAeKDnxEZviV+wepce0Tjj7BYa3wjsDE3Baw6gIIhhPiMFXn7TjmAISeTxuClnl+W8KscgVvRA64Nn6RwWjKX8rQfpehnWN+Htp2ZMQSC7jLVBQZ6STKsHF1QxsKYB+PMEntBAMxQsQANrrmy5kw5r5wnYpXO2Bs+RE78o8H4qZ7~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Max-Age=31536000; Secure
bm_sz=8D11D68800CBC920C63FA64937617DCE~YAAQ4KDVF39BuXiIAQAACy3HexMlGgEM9ZGIHVkT0IQQrjlSXFCGQCKW5LcYLgFm+SCjofhwC1UbP76/qgK3S77ew8gC2N5a0IBuFYAch3AvCmK6yXOo8f3jo5rdhRWwIuydxJUf48rIX8d471wZGreY7jLhxL+HMX5bzRhG98ase9KnlQsLN1SXiRtNagZyGB22U0liLfGechM3yWHaBPT3eGZgztoptcDZTmckhmKYWo4ZTGQX1rH9dJXixaXA+RiAg7SmK67vf79SsS51qiH4jE0NssUFi09gA1THeqlQjAtCsz/r~3163440~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11914-30823
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 971 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2440), with no line terminators
Hash 11b092fa7a408fe3522df22670531eba
ab28570dadf223db2fd1781cab3b8612fa765718
be8063e1337bcf308a0d316db2738d82fcf3c7475b308c2e30a6051abbff0ed7
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-b55c12f3-a6a8-42d2-9821-42c712317eb1' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:137; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:488f2820-0ec8-4a27-b6aa-3c31694689ad; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:488f2820-0ec8-4a27-b6aa-3c31694689ad|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:63; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=B3D353506047745CB30E45986D8C5A00; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202306020403501222322309; domain=.wellsfargo.com; path=/; expires=30 May 2033 11:03:50 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!NCPT8iN5ob1jlIEMntjHYqEj2JIOPKuv/d25jvb9P/HAIxZeO/tlj9NiFnWQSlFw6SIwr2Baq2M+cNw=; path=/; Httponly; Secure
DCID=HSj7+cLErND%2fRuKzjnErsvHumteVmC9kIbFGxGs%2f2AGPGM1NTT7nBpMTY3MG0zdO; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
_abck=D99228D5BD15D943F3898D3DE8716579~-1~YAAQ2qDVF/9tmDmIAQAAHC3HewnF6SnH9TI+2nj58pA9aysj86rBy7ymDZmYUOdZzkdSjGM04PPCBCNEb2I1XuKLnb1fC5vEwVUhKr2QqPUaMdJvuGLTe6BYp4yHMFyAXUh+kWr8kJFkhP9hvzyMrOT4xezp3RhKj5Q4sqypPiNB6P7lYxApvDhj6uCtG/4Bl5tz1i/EX7y1KRTsr0WbnU68k83EwYAnEgk5CgTFjvUlTXrHRRagz/MwmImKZG/EueAI6o6+4XzJwo93NtbG3dLGfideeDrEmCgwcVA7fo41IAjqjltPUPZ1jnfHqVWCp3KKjYqmp70iJ8izg6OmKZjh8+QE93oZNJgWfFlY9mEIIRMno9LQy1HvLBw25E8Q~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Max-Age=31536000; Secure
bm_sz=A7EAD73E52768F89110D83065B2D259A~YAAQ2qDVFwBumDmIAQAAHC3HexObqzhMY+sfJpMzZww+wksJ/LpkwIjOWoC31Iu44pMDWvoJsrUsP4g4jzDD7cD+x/A44budayN+mnQ9cSLp5ZxQIjXUr7bZLD607Itgd/5nN5oeTBvrWQPUzPOe8wnRNKMUYkBEDk84Iq+X840U+/aO4sLBOOOC/+DsbR898mqk2XHzzPojHJadwOUbwxz+xNZiFzky/NdRohSxJjKF//be7O1Akn0Nppk47+SMxMuEGFtizLAHnR7Gmj88V5bfJXi08FbmTLo4vZ5hkXT5jQr0jOsq~3163440~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11914-30820
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
163.171.132.220200 OK 941 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (2361), with no line terminators
Hash 92fca8b63f11f4e4c3488a9ff79dc7fb
dfa91e1234b515534f02a2397b9312b60dc5682b
e93166f8454b8e0efb28c167d13a42d4063b519547f0e9f694100ed289e56cf1
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Content-Type: application/json
Content-Length: 265
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206893|e:137; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:50 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 941
Connection: keep-alive
Content-Security-Policy: default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.tiktok.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.maxymiser.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://bat.bing.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com https://*.knotch.it https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nod-glb.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.maxymiser.net https://*.knotch.it https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://bat.bing.com https://www.knotch-cdn.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nod-glb.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com https://*.knotch.it https://www.knotch-cdn.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nod-glb.nuance.com; script-src 'nonce-74e8f3cd-53c5-4a33-be24-e3a06e3125d1' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.tiktok.com https://*.maxymiser.net https://bat.bing.com https://www.clarity.ms https://snap.licdn.com https://*.linkedin.com https://s.yimg.com https://sp.analytics.yahoo.com https://p.adsymptotic.com https://*.nod-glb.nuance.com https://www.knotch-cdn.com; media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:5c117992-ace5-4306-8fd9-4f075f03996f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:137; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:14da2131-56bd-4472-b06e-7666c6d317d6; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:14da2131-56bd-4472-b06e-7666c6d317d6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:66; Expires=Fri, 02 Jun 2023 11:04:20 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=06F4F5288BAE58C5A0F3D5456727FAE6; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230602040350769644228; domain=.wellsfargo.com; path=/; expires=30 May 2033 11:03:50 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!SZq8codb/XuQc2vz2xKqB3cO2dndHjPqrShfBiDZ7qjTORFpUTSaVIxczLaqmij3/o5xwzokmWYevCU=; path=/; Httponly; Secure
DCID=HZ56CvLFt1VX4woV1ffTEwcZ+mmhVRbIW6UAOoObgmjcfl1luL3TM9eYueprWNsr; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:50 GMT;Httponly; Secure
_abck=6598C365C0BFC23743D2C10E3B18E6BA~-1~YAAQ2qDVFwFumDmIAQAAMy3HewkDjyR7GRLG8PTrkWKlMPPy++4zUEz31d6AxQXtBVhJrpIXlUuZBdgYcQUjUghidfCJ7wVstr2+Q0TWhqi40Gd/Jx0qLHQKkNnosdB0os4BDPl86x6Cti8fM/7n/9JWQ77sT9+z1ANP/h90Z8itWFEYb0LV1Dx++UnPKbmNbv7KXsrqRp1G3lI1QPsdE+x3j2CsO97cZtYu+mR5W3MI8b9UihfhWlgZSWhxO4bMvizh3CJOxMsbwn9ISbVpcSbGnsBzm10LOUlHGUGlJk+QyP/WFhTlNvqI6MW2ExEYxSPlobjCjGbCWoj6HJ3YwsuHNas8cUVOlkckyeqeZZ7Ykp3yTuRuUcO+wVQNUeen~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:50 GMT; Max-Age=31536000; Secure
bm_sz=24821E0DE892726331032E5092D2C9A7~YAAQ2qDVFwJumDmIAQAAMy3HexOC68jEmTkZCimRjEW9boqg8w7x/WJ5d6XpdqXS9Y9Aap4B9fAPtCocLzU8P/P4UZkSKRXZhhNfSjZn538rGGF6HQTmpw9RaTq7MXwMxj1/Ptgwy0+ZFnbE5K5UbjlALWbpvT7n1QuritOPQGu664WF8qfa78FBSORY6lanFVFYVYphRDxIGoHM4GFE2f+tdjdNUGVUqtCH7DJ8KljxKoE/Wj9absdbk/gpqn8xEqbERmwbExMPHZAvSSmdArwFCLIBTZ0PZzOOJzraeH1g3YNMHDgW~3163440~3293746; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc96_kf175_11808-41917
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBBTVVsMEtuQmRNMVZ5NDFRbDhveTFkTGg4K0hwU0NlZ1dQM3NJTW82c255OUt1SDRYQXBLVWxRSWE0RWJteW4yY1FaU1RpVmFhS2YzdnQvbExvMzBCc1d1WUlWZ3N4Qm5Yb1JNK3JMSXNKR2VXMlQyRG1MNFgzdy9Yb01jY05VWkdsbkhYTis1R0JVNjRyUXFHWjYxQ1IwMFZ2MVlIRmVPblFZNjc2R2lIT3ZsaTl3K0JoNExlVVhidGIrblUzcCsxcE9HMzkySkRPZ0Frc0ZYeXBxTDVhS3g1Zml6TkRyd2FoaElGdlFkN0R6bUNuWm1CUjVxOVNxcEtMVzYwN21VcHRPWjNOaEdUTEkvRkhZR2RBV25qRFhqSnE3MHc0Q0dnZWVqV1BFPXw4MzU4YzM0NzkyZWUxMWFmMTc4ZjNjYzE4YTQxZjExZDVmMTY2ZGVhMTcwMGIyNjZkZTQ2Zjg2YWYyZDkyYjgwZDVlYTkyOTYxMWFhMDhhNDIzMGQ1ODJhMmFhOWEwZjg2ZTViYmYzY2Y3MmNmNTA3MzdlMzBjYjYxOTZkMzllNjJjZDM1NDY2MTY1ZmUwNzk4OGU0M2JjMTAyNjczODA3MzE1OWQ1NzNmYTY0OGYyOGZiZDYxMTI0YzU1ZjI1YTVjN2NiZjc0MDNlNjVjMmNhYWE0YWY5ZTY5NmRhMDFmMWMzMjk1OWFhYjE5ZDE2MzVhMGIyOWFhNDU4MmMzODY3ZDNmNzQ3ZjQzYjEwY2E0NTVhMGYzZGI4N2VhMWVkYjY1YTkxYmZkNDg0NTE3NWI5NDgwYjI3MDQ3YTI5ZmRmZTRhNGUzMjA3ZWNiZGNhYTFlNTViNTc3MGZlZjY2YzZhMTAzMDE2MjdhNmYwMDYwMTk4NjA2NmIwZGEzMmEwMzhiZDc1MzMwNTI4OTBkZDUzNjdlNzU5MGM1YmUyNzAxMWMxNWI0ZTUwMzMzN2FlYjljZWFiMWE3NTY3Yjk4MzExZTY5NDkwY2M4YjZlNTZjNWQzZWYwYmNlMDM5NDdhN2IzZDg5YWY4Yjc2MGEyYmNmMTg2MWI3MmNhM2RlMzczMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com&t=jsonp&c=ffgabr_hxgngms_q&eu=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F
23.36.79.34200 OK 90 B URL GET HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBBTVVsMEtuQmRNMVZ5NDFRbDhveTFkTGg4K0hwU0NlZ1dQM3NJTW82c255OUt1SDRYQXBLVWxRSWE0RWJteW4yY1FaU1RpVmFhS2YzdnQvbExvMzBCc1d1WUlWZ3N4Qm5Yb1JNK3JMSXNKR2VXMlQyRG1MNFgzdy9Yb01jY05VWkdsbkhYTis1R0JVNjRyUXFHWjYxQ1IwMFZ2MVlIRmVPblFZNjc2R2lIT3ZsaTl3K0JoNExlVVhidGIrblUzcCsxcE9HMzkySkRPZ0Frc0ZYeXBxTDVhS3g1Zml6TkRyd2FoaElGdlFkN0R6bUNuWm1CUjVxOVNxcEtMVzYwN21VcHRPWjNOaEdUTEkvRkhZR2RBV25qRFhqSnE3MHc0Q0dnZWVqV1BFPXw4MzU4YzM0NzkyZWUxMWFmMTc4ZjNjYzE4YTQxZjExZDVmMTY2ZGVhMTcwMGIyNjZkZTQ2Zjg2YWYyZDkyYjgwZDVlYTkyOTYxMWFhMDhhNDIzMGQ1ODJhMmFhOWEwZjg2ZTViYmYzY2Y3MmNmNTA3MzdlMzBjYjYxOTZkMzllNjJjZDM1NDY2MTY1ZmUwNzk4OGU0M2JjMTAyNjczODA3MzE1OWQ1NzNmYTY0OGYyOGZiZDYxMTI0YzU1ZjI1YTVjN2NiZjc0MDNlNjVjMmNhYWE0YWY5ZTY5NmRhMDFmMWMzMjk1OWFhYjE5ZDE2MzVhMGIyOWFhNDU4MmMzODY3ZDNmNzQ3ZjQzYjEwY2E0NTVhMGYzZGI4N2VhMWVkYjY1YTkxYmZkNDg0NTE3NWI5NDgwYjI3MDQ3YTI5ZmRmZTRhNGUzMjA3ZWNiZGNhYTFlNTViNTc3MGZlZjY2YzZhMTAzMDE2MjdhNmYwMDYwMTk4NjA2NmIwZGEzMmEwMzhiZDc1MzMwNTI4OTBkZDUzNjdlNzU5MGM1YmUyNzAxMWMxNWI0ZTUwMzMzN2FlYjljZWFiMWE3NTY3Yjk4MzExZTY5NDkwY2M4YjZlNTZjNWQzZWYwYmNlMDM5NDdhN2IzZDg5YWY4Yjc2MGEyYmNmMTg2MWI3MmNhM2RlMzczMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com&t=jsonp&c=ffgabr_hxgngms_q&eu=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F
IP 23.36.79.34:443
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subjectconnect.secure.wellsfargo.com
Fingerprint3F:43:1B:FB:A6:51:FA:27:D5:EE:CF:C1:23:76:C7:04:BF:40:DB:BD
ValidityTue, 11 Oct 2022 00:00:00 GMT - Wed, 11 Oct 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash a08669b81de1dec0dee388a016bd4c7a
251c4c32badc8436be05639571dbb9a57893fd63
18af34efaaf0091a586a03a36e50eb61bbb1482fc225f6a1a810f2fca4175366
GET /AIDO/vyHb?d=ZW5jZEBBTVVsMEtuQmRNMVZ5NDFRbDhveTFkTGg4K0hwU0NlZ1dQM3NJTW82c255OUt1SDRYQXBLVWxRSWE0RWJteW4yY1FaU1RpVmFhS2YzdnQvbExvMzBCc1d1WUlWZ3N4Qm5Yb1JNK3JMSXNKR2VXMlQyRG1MNFgzdy9Yb01jY05VWkdsbkhYTis1R0JVNjRyUXFHWjYxQ1IwMFZ2MVlIRmVPblFZNjc2R2lIT3ZsaTl3K0JoNExlVVhidGIrblUzcCsxcE9HMzkySkRPZ0Frc0ZYeXBxTDVhS3g1Zml6TkRyd2FoaElGdlFkN0R6bUNuWm1CUjVxOVNxcEtMVzYwN21VcHRPWjNOaEdUTEkvRkhZR2RBV25qRFhqSnE3MHc0Q0dnZWVqV1BFPXw4MzU4YzM0NzkyZWUxMWFmMTc4ZjNjYzE4YTQxZjExZDVmMTY2ZGVhMTcwMGIyNjZkZTQ2Zjg2YWYyZDkyYjgwZDVlYTkyOTYxMWFhMDhhNDIzMGQ1ODJhMmFhOWEwZjg2ZTViYmYzY2Y3MmNmNTA3MzdlMzBjYjYxOTZkMzllNjJjZDM1NDY2MTY1ZmUwNzk4OGU0M2JjMTAyNjczODA3MzE1OWQ1NzNmYTY0OGYyOGZiZDYxMTI0YzU1ZjI1YTVjN2NiZjc0MDNlNjVjMmNhYWE0YWY5ZTY5NmRhMDFmMWMzMjk1OWFhYjE5ZDE2MzVhMGIyOWFhNDU4MmMzODY3ZDNmNzQ3ZjQzYjEwY2E0NTVhMGYzZGI4N2VhMWVkYjY1YTkxYmZkNDg0NTE3NWI5NDgwYjI3MDQ3YTI5ZmRmZTRhNGUzMjA3ZWNiZGNhYTFlNTViNTc3MGZlZjY2YzZhMTAzMDE2MjdhNmYwMDYwMTk4NjA2NmIwZGEzMmEwMzhiZDc1MzMwNTI4OTBkZDUzNjdlNzU5MGM1YmUyNzAxMWMxNWI0ZTUwMzMzN2FlYjljZWFiMWE3NTY3Yjk4MzExZTY5NDkwY2M4YjZlNTZjNWQzZWYwYmNlMDM5NDdhN2IzZDg5YWY4Yjc2MGEyYmNmMTg2MWI3MmNhM2RlMzczMnwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com&t=jsonp&c=ffgabr_hxgngms_q&eu=https%3A%2F%2Fwww--wellsfargo--com--3b49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 11:03:51 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=6sA30%2f+CkxQ2bc0bB%2f2aknvMoqJzmPtRPFALUlhUDx9kC84++tSgojEhay2TyBpV; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:51 GMT;Httponly; Secure
_abck=3A7FD06F848C87E59725092FA81AF11E~-1~YAAQHk8kFwnuLm2IAQAAhC7HewnNfZfhGmlyifPZpd2Y0//EBTy1sNoQeeluJ5Y/41x4IULil1wbCSamt7yNP7Mb47GdF/RekI45GwCBRkV29c0nFVON7TN5QU5q9Rdy6sR0w8xe2FdAFxJnmWjxF13/U0cOpuSI4xt3HSxG1QqOO3qvU/wOBSavixCOc6edPBXKcBOFCy+x+DvHx9IeaVVnQAMyIbqIV88YBnskKVOGpRfMKSoUJqDJ/W9b40+8ZYtsS77SAn11E5RyxeKNtqXSYki8fGNn/sWP6ojbQc5EHkZoHP9o2j9cD5s1MUjGYSdtsj9a/7wOyavLVi/AlC0E/n+3d8g1vzx9F4XUcPp4py5vlfZZ5OJ+P2QmHptH~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:51 GMT; Max-Age=31536000; Secure
bm_sz=09F1E9BA2E9322DABA3D9D2EE13FED60~YAAQHk8kFwruLm2IAQAAhC7HexMAxKQ+8xirGQ/yzDZSiUv7j+EgkPNFtPHL5sgm/mPztoUti0qy8+3M33fMRdh/7FGKvxCMNeAENsvzsa+G+CQ/8q0OKPsZP1zZurpAs9SOICrg71YowdknWdLOzrrtS0IIbKi9kZQtBp5i2YaGqseEQb92le+R2+AsLVzd+kvCPFOicWL+MyEwt6fnU1zPPXpCDX+dpc9L1+xrgeJoiBtHR+g8TEtkLL1sLVzS/PbjBqyBX4nthoP+fBqI/PuefGh7781wwJNhC9udIMz45vEUVIjm~3749174~3159862; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:50 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
163.171.132.220200 OK 134 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 1e55045c6bded67c53fa89bff6c24b6b
965a38eb0c62d4efeea9e566f9e28396fab08bfa
b3866e3b52f8e01c0cc183b201b97a4ebc37064dc966344f4e9791373c0edc43
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2050
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; _gcl_au=1.1.788853868.1685703830; _ga=GA1.2.1684113272.1685703830; _gid=GA1.2.818515888.1685703830; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoibXdwN0VxRE43UzQ2NVpPWUxZZG9CZz09IiwiZSI6IjZtTFU1Z3A3THRva0ZlUm41NlRHWGd3ZnlnRnAxUFpOdFI1UW5kSHJ5d25pOTJIOVRsRUFabUVUcStENlIySktkdHRRbEJjeGZOMXJQcitTMnVSYTJtblFqN0tLcStySmcwR1E1TmI5dmJxYlNOblZHbjFMY3BWZkhoTkhyRUtFYW1GNmFjdGZYK2NGMVdHZ3FhMFJ3Zz09In0%3D.e73289e0d2399484.YmEzYWViNjhmZDI0YzhmMDUyNDNkOWVjNDBmZGU5ZjdjZGRhOTlkZGY4ZjFhNzkwZGZmZTA0NzFjNjBjNDMxOQ%3D%3D; ISD_WCM_COOKIE=!SZq8codb/XuQc2vz2xKqB3cO2dndHjPqrShfBiDZ7qjTORFpUTSaVIxczLaqmij3/o5xwzokmWYevCU=; ndsid=ndsaldwg1xvwc7liegjc1g; ADRUM_BTa=R:27|g:14da2131-56bd-4472-b06e-7666c6d317d6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:66
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Pnm+a3kq94MN%2fDrzMR7VmRnenzwWm1USOAT4jC6DF2U%3d; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:51 GMT;Httponly; Secure
_abck=AE4805846E4207FF3F28D1DC7BF7E8AA~-1~YAAQ4KDVF41BuXiIAQAANDHHewld5rlKMYkdXhRKF07nnKhy9+kdK9N0pMD7JFhyTT0eYdJacSzZHhGDsfshrrOJ2y7HIMhPzRnN99j6RdVinQeHFQMNVuu6n6sro3swPXOVTxNB+My2eDbzmhbYSHJ8XsjRjQwyeKNUbFnrzMJ+yymRKaSCJrdKIsQp6YhdHn5Hsh7LKnxk16OArFvV0h2Nc5Wih5mDnhTBH51XMbztk46IomBbHHwYrIWAQxvX+qGRYcW6p/yKedDMusek6yGDG0z8/qM0jX7WNbvbZ/yjBhl8NPc8parfBeCHkPbaV5Pp4NocgPnx1R5drtTC7zfAvXisahQZ01I7l+89R5dW1lh2GF2N/YtnN2oMLjGq~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:51 GMT; Max-Age=31536000; Secure
bm_sz=8DBB3FE0A84990920C999C28FE615CA6~YAAQ4KDVF45BuXiIAQAANDHHexOqXODtCq4mmqt2rVQksdtxSRLZSmt7nnNT32umzbt0Ae0GXkZdh3XWBQwHXylv5OjURgwd3NqRBAEeAGk9zQ7j2Thh4v1OuZL21QQakfSP/z+gb++x28Zz1ZsVkG8YeAPuSDyHgVb7sq3Mu9dfRBTgBcyk715PMx4k1doW0r5AkEmLbxL10BfFFohZuBDlBLOSSZZWbzmvSgPx6BjfWlPFltPrz/MQvQYrY7L4kDB52+VsBZZwAkXNVBr3+1Z/mVP5Qbxlt5eiGNmsf+SRN3zddRFJ~4469555~4604211; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:51 GMT; Max-Age=14400
X-Via: 1.1 kf175:5 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc97_kf175_11914-30837
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
163.171.132.220200 OK 265 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash f0e94310ddfc334d9aed49e88a39b5a2
3aa4e5baeacf3d539f4811b207608b49cecf4e5a
c6b77382de9e2f895705ac55caac6b97ebae1e4a2476c740fbff1365eb49a07a
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 852
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz%22%2C%22diA%22%3A%22AZfMeWQAAAAAFJMUQuynjK5a8WH9uDPk%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; _gcl_au=1.1.788853868.1685703830; _ga=GA1.2.1684113272.1685703830; _gid=GA1.2.818515888.1685703830; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoibXdwN0VxRE43UzQ2NVpPWUxZZG9CZz09IiwiZSI6IjZtTFU1Z3A3THRva0ZlUm41NlRHWGd3ZnlnRnAxUFpOdFI1UW5kSHJ5d25pOTJIOVRsRUFabUVUcStENlIySktkdHRRbEJjeGZOMXJQcitTMnVSYTJtblFqN0tLcStySmcwR1E1TmI5dmJxYlNOblZHbjFMY3BWZkhoTkhyRUtFYW1GNmFjdGZYK2NGMVdHZ3FhMFJ3Zz09In0%3D.e73289e0d2399484.YmEzYWViNjhmZDI0YzhmMDUyNDNkOWVjNDBmZGU5ZjdjZGRhOTlkZGY4ZjFhNzkwZGZmZTA0NzFjNjBjNDMxOQ%3D%3D; ISD_WCM_COOKIE=!SZq8codb/XuQc2vz2xKqB3cO2dndHjPqrShfBiDZ7qjTORFpUTSaVIxczLaqmij3/o5xwzokmWYevCU=; ndsid=ndsaldwg1xvwc7liegjc1g; ADRUM_BTa=R:27|g:14da2131-56bd-4472-b06e-7666c6d317d6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:66; _imp_di_pc_=AZfMeWQAAAAAFJMUQuynjK5a8WH9uDPk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:52 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=h7znByaos%2fNPDKkE5NprYgfptUUWEeb8X47MjaBdOIro%2fl9zXZ%2f2SR29QaV+0D%2fE; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:52 GMT;Httponly; Secure
_abck=3A704C2C8968E59F9693022BC0C890B2~-1~YAAQ2qDVFwhumDmIAQAALjTHewncG8ikhUeABHzKvSQc+d4kW1FA3Z0ODY5dBE2NKVizsiEphbV0zo3lKOlMn9QSRK/SWBOr/JWoze1aH8MelCOFmhnMtg7c9nNuZfYswbePnT1EdBB0iwYymBEE6cvg882zz+PZ03zcnI+lacjo00ZhhmoNk19D5252B5p0r8u/vGxKAMv0sWJJs5IfAY48m+qet+PftRDhQlVRAZHqLLIwm4HXymQkGaL6aCAeE+Nqpx6R+f6ZwuVS4Bf68Y2wzFsivBJAILyCukYA0p8WOQl8ZWjVB7nOxVPSUNn7coJd+UFLC1XN19DvdGQoAmN18F1O9j6CkcQq/FaMMIXTRs3GgmzjGYeX6NZNu1Mm~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:52 GMT; Max-Age=31536000; Secure
bm_sz=57C28294A19EBD9B4D7E2EB3AEE78CF7~YAAQ2qDVFwlumDmIAQAALjTHexOsTXunGd2PMfF836CmMRjPMuVWoQBn0qF0njQcoSzCzL1xMbpOHfVZEgQHk6rU7VN5eaJ+9jV6Fc0Zs/08d3DkIfNnLBU7jV3zYCZHbILXwjnh2uQTS0+Z2MBNJub5I39kt8XILYmbUW47kv+6Ysq4BaqeH0+h33zV9YLyAQ5xuGlN2/Au8SoMRGicqzEnAm5njxD8LK43+lUmcuZJhtzvxEs08MTS+S2fzSJmonKJtD3Vj0wjxmoNL/zEmXlc+tzSvVO8GmJsk3ank+1IFMLDp6wp~4474420~4338241; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:52 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc98_kf175_11914-30848
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
34.209.222.85200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP 34.209.222.85:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 11:03:51 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=2&cfg=32a3f9ce&pv=2&aid=
23.36.79.33 164 B URL POST rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=2&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.33:0
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 52cb1cce6810977ab8715f94d43c2dc2
a32ce084a3ebdba476fb77f4a5a2b6fce9019058
3f22922495fdea809fc900069d9abc27fd7afbcc076d3ab9096f7bc53d07c7bd
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=2&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 34187
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 11:04:00 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!6+BQJ2F74COGMpsq/D2JHXmrrcNtC0o6eOvbZ7LMuYxQdy7FDjndtcwZ9rsxpRG34FyFP9kjDquNzg==; path=/; Httponly; Secure
DCID=SI+cefAfN3UMNuEqpNxq+4JSwZgibmjtnVcJz4fHiMGPtGcCB8igR6jz3FiplCFo; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:19:00 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=3&cfg=32a3f9ce&pv=2&aid=
23.36.79.33 164 B URL POST rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=3&cfg=32a3f9ce&pv=2&aid=
IP 23.36.79.33:0
ASN #20940 Akamai International B.V.
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerWells Fargo & Company
Subjectrubicon.wellsfargo.com
FingerprintF0:DF:3B:07:70:09:2F:A0:0E:16:57:29:8D:03:C0:22:C5:63:5C:30
ValidityFri, 03 Mar 2023 00:00:00 GMT - Tue, 02 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 52cb1cce6810977ab8715f94d43c2dc2
a32ce084a3ebdba476fb77f4a5a2b6fce9019058
3f22922495fdea809fc900069d9abc27fd7afbcc076d3ab9096f7bc53d07c7bd
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.78B156&_cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0&_cls_v=6efdfe7e-514b-4931-a849-b355be75366c&pid=45698081-2ad3-4f72-890d-bdcde02a27e7&sn=3&cfg=32a3f9ce&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 51465
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Cookie: _cls_cfgver=32a3f9ce; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 164
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Fri, 02 Jun 2023 11:04:01 GMT
Connection: keep-alive
Set-Cookie: ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!fzwUuWO6k2AbKgMq/D2JHXmrrcNtC4Wen97p6BnssjLTUIjsvv9S/eGTW/nTnR/itQAlDo2eAlku+A==; path=/; Httponly; Secure
DCID=SsBRb6L0uH3d0ezqki7cXyAD94clhK9HzYEA0oJm1WCUws3rXqmxpxdPf+6EjFgC; Domain=rubicon.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:19:00 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
34.209.222.85200 OK 0 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 34.209.222.85:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 1535
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 11:03:57 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:6ef1eeb9-c139-4731-830e-638be1bd02e9; Path=/; Expires=Fri, 02-Jun-2023 11:04:27 GMT; Max-Age=30
ADRUM_BTa=R:55|g:6ef1eeb9-c139-4731-830e-638be1bd02e9|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 11:04:27 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 11:04:27 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 11:04:27 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:8; Path=/; Expires=Fri, 02-Jun-2023 11:04:27 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
34.209.222.85200 OK 0 B URL POST HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP 34.209.222.85:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 12104
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 11:03:51 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:778f01ac-defd-4e00-9d72-dc63af79b7c0; Path=/; Expires=Fri, 02-Jun-2023 11:04:21 GMT; Max-Age=30
ADRUM_BTa=R:55|g:778f01ac-defd-4e00-9d72-dc63af79b7c0|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Fri, 02-Jun-2023 11:04:21 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Fri, 02-Jun-2023 11:04:21 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Fri, 02-Jun-2023 11:04:21 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:8; Path=/; Expires=Fri, 02-Jun-2023 11:04:21 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
34.209.222.85200 OK 26 B URL GET HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP 34.209.222.85:443
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.eum-appdynamics.com
FingerprintFC:48:9F:81:33:3D:2B:6F:D9:CA:C8:3B:5F:11:C2:DC:DE:71:48:F5
ValidityTue, 14 Jun 2022 00:00:00 GMT - Sat, 15 Jul 2023 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6a43099d5c8fe991a7aa7ebaca53069d
5bce2f0d57305c58c7b05bfce29ebb39a18f5570
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Jun 2023 11:03:51 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
163.171.132.220200 OK 0 B URL POST HTTP/1.1 www--wellsfargo--com--3b49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP 163.171.132.220:443
ASN #54994 QUANTILNETWORKS
Requested by https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
Certificate IssuerDigiCert Inc
Subject*.wsipv6.com
Fingerprint06:09:21:92:62:E5:64:6D:8A:00:F1:90:4C:19:0F:D5:04:4A:02:A2
ValidityWed, 29 Jun 2022 00:00:00 GMT - Sun, 30 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--3b49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Content-Length: 296
Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
DNT: 1
Connection: keep-alive
Cookie: SameSite=None; ISD_WWWAF_COOKIE=!XkYDFMVrcBNcc3dnfhFjdbQk89Ydzp25LtnYlD4KBfzkDKHPCh03QvLn2rKuEJd81u4Pyyt1sqqgEns=; utag_main=v_id:01887bc72131000e04f6f78c007f05046003700900918$_sn:1$_se:2$_ss:0$_st:1685705629372$ses_id:1685703827762%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQ47TLwO8g7F8CmqyXGSnMNMA9mcxiSKkGUclQbv6aY%3D%22%2C%22c%22%3A%22NDduZk5pbG9sN08xZ1ZPWQ%3D%3D9bzr-Zc3YAn-cUqz_eLAPEpacb6gzqHZniMvs60c1NCKUJ57VhLQF9_i260lzguZXm0M_q9gUrqI3uOTsdW44OIwUlBEQQTQxqY%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22_s%22%3A%22RhtOWpxz9SrPSnzR82gKmX7%2B%22%2C%22diA%22%3A%22AZfMeWQAAAAAFJMUQuynjK5a8WH9uDPk%22%2C%22diB%22%3A%22AcqJRvpzfD724TiLeTUSJCk5Kh9nDZLN%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22POe9cyWMgjAgt9V9VN0aHA%3D%3DlvPteesSvJapBCRq-4K77EaMKk3qKdsd6vRXpOaRyGRg5D5BDhNcSr3XEUz9srnG6opaRM8OTRDHZVWgXUj9OvBMdqQo7HorHuFEwqbhVp2_2j25OuvR772FxgCElIgiA5FPKUGrdIJhfjWqPNdIaKjNNb_82PDvza8kzJ9ECqTe0iSeeQ54O-YN%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeAvaf7xev1XsK%2BEs%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C13718350586106930635192995548681066680%7CMCOPTOUT-1685711029s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=6efdfe7e-514b-4931-a849-b355be75366c; _cls_s=b6715ce3-4f13-4efa-9813-9e91bbda9c6f:0; _gcl_au=1.1.788853868.1685703830; _ga=GA1.2.1684113272.1685703830; _gid=GA1.2.818515888.1685703830; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoibXdwN0VxRE43UzQ2NVpPWUxZZG9CZz09IiwiZSI6IjZtTFU1Z3A3THRva0ZlUm41NlRHWGd3ZnlnRnAxUFpOdFI1UW5kSHJ5d25pOTJIOVRsRUFabUVUcStENlIySktkdHRRbEJjeGZOMXJQcitTMnVSYTJtblFqN0tLcStySmcwR1E1TmI5dmJxYlNOblZHbjFMY3BWZkhoTkhyRUtFYW1GNmFjdGZYK2NGMVdHZ3FhMFJ3Zz09In0%3D.e73289e0d2399484.YmEzYWViNjhmZDI0YzhmMDUyNDNkOWVjNDBmZGU5ZjdjZGRhOTlkZGY4ZjFhNzkwZGZmZTA0NzFjNjBjNDMxOQ%3D%3D; ISD_WCM_COOKIE=!SZq8codb/XuQc2vz2xKqB3cO2dndHjPqrShfBiDZ7qjTORFpUTSaVIxczLaqmij3/o5xwzokmWYevCU=; ndsid=ndsaldwg1xvwc7liegjc1g; ADRUM_BTa=R:27|g:14da2131-56bd-4472-b06e-7666c6d317d6|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; ADRUM_BT1=R:27|i:206917|e:66; _imp_di_pc_=AZfMeWQAAAAAFJMUQuynjK5a8WH9uDPk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 11:03:59 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--3b49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=RVtS+GlTn7A3gRE7cSgk8O4ZZkpGf6kWfNbwK3LHkRIezHuevTuNwNd5gwLq0m2a; Domain=www.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 11:18:59 GMT;Httponly; Secure
_abck=90A5B2D6EE9244692E8ED45A15895F24~-1~YAAQ2qDVFxZumDmIAQAA3k7HewmnBNPaOI++/snDR5/0XJAlY4IpRgSXMB9B6f5nYIU+W2p2H0OK9mSmlBzbY4rBhGw95ZSG/lh6evY2kEVzGw8PjVdAZDZz2ufKg9RAO3AB3KYdQkIn7QKIZKlrmA5xoL5R0oXvqAkosn00wwQ6yEK262fBEdTHq4RBS1HLcYlsrxjJo3TjfzFP9irPup/YRozHXI8SjCJcbiqRdH5zBwybeU6l+o3dJGW7bJkEjNdNBaaOjOe0//CrjJa6TaPPDFzXAimU1eBZMg9xmcU622qZTthgG0r0Gn0s8+srZwCkQQbvYD8jNUG+rjOEq48qHNgZFirV06iW+5c4w67PEwZ7pX7wWbT59CFDQaFk~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Sat, 01 Jun 2024 11:03:59 GMT; Max-Age=31536000; Secure
bm_sz=BD6937E2F58AF66386E7A01D0A1FAF6B~YAAQ2qDVFxdumDmIAQAA3k7HexO08rCHDL+KposnUxnjszOkNEysMcbfIjaKbxl+Bz63xvH4pech04Nh1w59BWkacCcZdQsW0nB9ExTwJ4Dm1M6zIwYs0Y/DKpaYE47U4EWoOOrEBeh9ZjwzbvRNtcNfZ+zYqMiP0pM20E1IlkufUUs/4EXUCcUB8Ai368TrDqaVgaaCnNvAcMNoVS0oYd2lrl6bu7NNF0jY68wPVHcnAiK7OVLOujjOFyITV650/4jgrT6qIl8TNbQcDGwMHD+RxNEZbFM3zxdllKlR/dFAtpNuV5yk~4277816~4535347; Domain=.wellsfargo.com; Path=/; Expires=Fri, 02 Jun 2023 15:03:59 GMT; Max-Age=14400
X-Via: 1.1 kf175:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 6479cc9f_kf175_11914-30998